2011 | OriginalPaper | Chapter
Mars Attacks! Revisited:
Differential Attack on 12 Rounds of the MARS Core and Defeating the Complex MARS Key-Schedule
Authors : Michael Gorski, Thomas Knapke, Eik List, Stefan Lucks, Jakob Wenzel
Published in: Progress in Cryptology – INDOCRYPT 2011
Publisher: Springer Berlin Heidelberg
Activate our intelligent search to find suitable subject content or patents.
Select sections of text to find matching patents with Artificial Intelligence. powered by
Select sections of text to find additional relevant content using AI-assisted search. powered by
The block cipher MARS has been designed by a team from IBM and became one of the five finalists for the AES. A unique feature is the usage of two entirely different round function types. The ”wrapper rounds” are unkeyed, while the key schedule for the ”core rounds” is a slow and complex one, much more demanding then, e.g., the key schedule for the AES. Each core round employs a 62-bit round key. The best attack published so far [KKS00] was applicable to 11 core rounds, and succeeded in recovering some 163 round key bits. But neither did it deal with inverting the key schedule, nor did it provide any other means to recover the remaining 519 round key bits in usage.
Our attack applies to 12 core rounds, needs 2
252
operations, 2
65
chosen plaintexts and 2
69
memory cells. After recovering a limited number of cipher key bits, we deal with the inverse key-schedule to recover the original encryption key. This allows the attacker to easily generate all the round keys in the full.