Challenge "Akelarre Part 1" ¶
By: admin on Nov. 24, 2010, 2:35 p.m.
Akelarre is a combination of IDEA and RC5. However, Akelarre is not as strong as those two ciphers. Perform a known plaintext attack on Akelarre.
Read more...
By: admin on Nov. 24, 2010, 2:35 p.m.
Akelarre is a combination of IDEA and RC5. However, Akelarre is not as strong as those two ciphers. Perform a known plaintext attack on Akelarre.
Read more...
By: fmoraes on Dec. 5, 2013, 6:53 p.m.
I think I found the shift but I am having trouble validating my program. It solves the case of no shift but that wrinkle is causing me some grief.
Would one of the previous solvers be willing to confirm the shift I found via PM or email?
Francisco
By: Veselovský on Dec. 9, 2013, 5:20 p.m.
Hello Francisco,
you can send me your shift in PM and I will try to find the shift in my documents… but I am not making precise documentation of what I did when solving particular challenge, since I am lazy to do that… and after a week or so I have sometimes no idea how I solved some challenge… so I do not guarantee that my check will be 100% correct ;-)
Best regards
Viktor
By: Veselovský on Dec. 9, 2013, 5:29 p.m.
…if I recall correctly, there were two likely shifts after the first stage of attack. Only in the final stage it was possible to decide which one of the two was correct.
By: madness on Aug. 8, 2023, 8:55 p.m.
I found a bug in the C code for this challenge. In the AR box, for the rotations that preserve the leftmost bit,
w[0] = (w[1] << t) | ((w[0] & 0x7fffffff) >> (31 - t)) | (w[0] & 0x80000000);
should be
w[0] = ((w[1] << t) & 0x7fffffff) | ((w[0] & 0x7fffffff) >> (31 - t)) | (w[0] & 0x80000000);
and similarly for w[0] [HTML_REMOVED] w[1]. There are a total of 6 affected lines.
By: madness on Aug. 8, 2023, 9:29 p.m.
Also,
w[1] = ((w[1] & 0xfffffffe) << t) | (w[1] >> (31 - t)) | (w[1] & 0x1);
should be
w[1] = ((w[1] & 0xfffffffe) << t) | ((w[1] >> (31 - t)) & 0xfffffffe) | (w[1] & 0x1);
in four places, and similarly for 0,1 -> 1,0 in four more places in AR().
Without these changes, the unrotated bit is overwritten. That can not be what the authors intended.
By: madness on Aug. 8, 2023, 9:35 p.m.
And finally, I would like to ask how the bits for generating the rotations in AR() are chosen. From Álvarez et al., they say bits 1..5 for the first rotation, whereas in Stamp's C code and his lecture slides online, the first rotation uses bits 27..31.
It probably doesn't matter, since no one uses this cipher, and I can't even find test vectors on the web.
Thanks / Cheers / Mahalo