Re: TEA

David Wagner (daw@CS.Berkeley.EDU)
Thu, 25 Jun 1998 10:50:33 -0700 (PDT)

• Next message: Laurent Demailly: "Re: Random seeds"
• Previous message: John Young: "Dupes in NSA Release"

> At 05:56 PM 6/24/98 +0000, you wrote:
> >[TEA]
> >> It has also been broken, hasn't it?
> >
> >Do you have any reference?.
>
> Check the extended version of TEA
> <http://www.cl.cam.ac.uk/ftp/users/djw3/xtea.ps>
>
> three related-key attacks
> http://www.cs.berkeley.edu/~daw/keysched-crypto96.ps
> three other equivalent keys
> http://www.cs.berkeley.edu/~daw/keysched-icics97.ps
>

The existence of related-key attacks only means you have to
take care in how keys are chosen to ensure that related-key
situations can't arise.

Ditto for equivalent keys, when the keylength is long enough.

One important exception: if you want to use it to build a hash
function (e.g. via the Davies-Meyer construction), then you
have to be very careful about the existence of related-key attacks.

I certainly wouldn't consider any cipher "broken" just because
it is susceptible to related-key cryptanalysis.

Just my opinion. -- David Wagner

• Next message: Laurent Demailly: "Re: Random seeds"
• Previous message: John Young: "Dupes in NSA Release"