Re: Quick Mode and resistance to related-key cryptanalysis
Certainly one designs keying protocols with the idea that keys should be as independent as
possible, given the amount of effort available. There are multiple reasons
for this, and related key cryptanalysis of particular ciphers is one of them.
Hilarie
>>> "Marcus Leech" <mleech@nortelnetworks.com> 03/29/99 12:15PM >>>
Hilarie Orman wrote:
>
> What? In the generic sense, of course you shouldn't be able to relate
> keys. Is there a specific definition of "related key cryptanalysis"?
Yes, I recall early on a discussion about simple transformations
of existing keys in Quick Mode exchanges; it is exactly those
simple, predictable key changes that make related-key
cryptanalysis work. Granted, for many algorithms related-key
cryptanalysis is not particularly feasible, but for others it's
a concern.
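The point both messages make, as an added example that is not code from this thread or from any IKE implementation: a "simple transformation" of a base key (here, XORing the SA's SPI into it) produces keys whose pairwise difference anyone watching the exchange can predict, which is the relation a related-key attack needs; expanding the shared secret through a PRF over the per-SA context, in the shape of the IKEv1 Quick Mode KEYMAT expansion prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b), yields keys with no such usable relation. The shared secret, nonces and SPIs below are constructed values, and HMAC-SHA256 as the PRF is an assumption for the example.

```python
"""Added example: related keys from a naive derivation versus independent
keys from a PRF-based expansion. Not code from the IPsec thread; every input
is constructed, and HMAC-SHA256 as the PRF is an assumption for illustration."""
import hashlib
import hmac

KEY_LEN = 16  # bytes of per-SA key to produce

# Constructed 32-byte shared secret standing in for SKEYID_d (not real key data).
SKEYID_D = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0" * 2)
# Constructed initiator/responder nonces (Ni_b, Nr_b) for the example.
NI = bytes.fromhex("a5" * 16)
NR = bytes.fromhex("5a" * 16)
PROTO_ESP = 3  # IPsec ESP protocol identifier, part of the KEYMAT context


def naive_derive(base: bytes, spi: int) -> bytes:
    """Hypothetical 'simple transformation' derivation: XOR the SA's SPI into
    the last four bytes of the base key. Anyone who sees two SPIs knows the
    exact XOR difference between the two keys, which is the relation that
    related-key cryptanalysis exploits."""
    k = bytearray(base[:KEY_LEN])
    for i, b in enumerate(spi.to_bytes(4, "big")):
        k[KEY_LEN - 4 + i] ^= b
    return bytes(k)


def prf_derive(skeyid_d: bytes, protocol: int, spi: int, ni: bytes, nr: bytes,
               length: int = KEY_LEN) -> bytes:
    """PRF-based derivation shaped like the IKEv1 Quick Mode KEYMAT expansion:
    K1 = prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b), K2 = prf(SKEYID_d, K1 | ...),
    with HMAC-SHA256 as the PRF (an assumption for this example). Keys for two
    SPIs have no difference an attacker can predict without the secret."""
    ctx = bytes([protocol]) + spi.to_bytes(4, "big") + ni + nr
    out, block = b"", b""
    while len(out) < length:
        block = hmac.new(skeyid_d, block + ctx, hashlib.sha256).digest()
        out += block
    return out[:length]


def xor_diff(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def predicted_naive_diff(spi_a: int, spi_b: int) -> bytes:
    """The key difference an attacker predicts from the two public SPIs alone."""
    return bytes(KEY_LEN - 4) + xor_diff(spi_a.to_bytes(4, "big"),
                                         spi_b.to_bytes(4, "big"))


def keys_are_related(ka: bytes, kb: bytes, spi_a: int, spi_b: int) -> bool:
    """True if the two keys differ by the attacker-predictable relation."""
    return xor_diff(ka, kb) == predicted_naive_diff(spi_a, spi_b)


def compare(spi_a: int = 0x1001, spi_b: int = 0x1002) -> dict:
    """Derive keys for two SAs both ways and report whether they are related."""
    naive_a, naive_b = naive_derive(SKEYID_D, spi_a), naive_derive(SKEYID_D, spi_b)
    prf_a = prf_derive(SKEYID_D, PROTO_ESP, spi_a, NI, NR)
    prf_b = prf_derive(SKEYID_D, PROTO_ESP, spi_b, NI, NR)
    return {
        "naive_related": keys_are_related(naive_a, naive_b, spi_a, spi_b),
        "prf_related": keys_are_related(prf_a, prf_b, spi_a, spi_b),
        "naive_diff": xor_diff(naive_a, naive_b).hex(),
        "prf_diff": xor_diff(prf_a, prf_b).hex(),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

The `naive_diff` value is twelve zero bytes followed by `spi_a XOR spi_b`, known to anyone who saw the SPIs; the `prf_diff` value is a pseudorandom 128-bit string that only someone holding SKEYID_d can compute. The same property is why fresh nonces and, with PFS, a fresh Diffie-Hellman secret go into the context: each SA's key is then independent of every other one rather than a predictable step away from it.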