1

I've read on Wikipedia that the XXTEA cipher is vulnerable to "a chosen-plaintext attack requiring 2^59 queries". I don't exactly understand how bad that is, but something tells me that it's extremely hard to implement such an attack in practice. Am I right?

Another question: is it possible just to increase the number of rounds to make it stronger? I mean, instead of this:

q = 6 + 52/n;

do this:

q = X + 52/n; //where X - any number greater than 6

Is that a correct change to the code? How else can this algorithm be fixed?

Alek Depler

1 Answer

2

The paper describing the attack is here: https://eprint.iacr.org/2010/254.pdf

Essentially, it means:

  1. There is some XXTEA-encrypted data A, the attacker has it, but he has no key.
  2. The attacker makes 2^59 blocks of his own data B (minimum block size is 64 bits, so this is 4194304 terabytes, i.e. too much for a home computer). I didn't read in detail whether there are requirements on what data it is, or if the only requirement is that the attacker knows the content, but it doesn't really matter.
  3. The attacker can somehow get his B-data encrypted with the same key as the A-data (without being told the key, of course).
  4. The analysis of the 2^59 blocks of encrypted B-data (together with the plain data, which the attacker has, of course) is enough to extract the used key. Now the attacker can decrypt the A-data too.

TL;DR: It does not mean that everyone can read XXTEA-encrypted data now, but it's a lot less secure than it should be (the key has 128 bits...).

deviantfan
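The round-count change asked about in the question, as an added example that is not part of the original post or answer: the XXTEA routine following the public reference code, with the constant 6 replaced by a hypothetical `base` parameter. It shows only the mechanics (the count is used in both directions, and decryption derives its starting `sum` from it, so data encrypted with another base does not decrypt under standard XXTEA); it makes no claim about resistance to the attack in the paper. Function names, the key and the sample block are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DELTA 0x9e3779b9u
#define MX ((((z >> 5) ^ (y << 2)) + ((y >> 3) ^ (z << 4))) ^ ((sum ^ y) + (key[(p & 3) ^ e] ^ z)))

/* Cycle count for an n-word block; base = 6 is standard XXTEA. */
unsigned xxtea_rounds(unsigned base, unsigned n) { return base + 52 / n; }

/* Encrypt n >= 2 32-bit words in place. */
void xxtea_encrypt(uint32_t *v, unsigned n, const uint32_t key[4], unsigned base) {
    uint32_t y = 0, z = v[n - 1], sum = 0;
    unsigned p, e, rounds = xxtea_rounds(base, n);
    do {
        sum += DELTA;
        e = (sum >> 2) & 3;
        for (p = 0; p < n - 1; p++) { y = v[p + 1]; z = v[p] += MX; }
        y = v[0];
        z = v[n - 1] += MX;
    } while (--rounds);
}

/* Decrypt in place; the starting sum depends on the same cycle count. */
void xxtea_decrypt(uint32_t *v, unsigned n, const uint32_t key[4], unsigned base) {
    unsigned p, e, rounds = xxtea_rounds(base, n);
    uint32_t z = 0, y = v[0], sum = rounds * DELTA;
    do {
        e = (sum >> 2) & 3;
        for (p = n - 1; p > 0; p--) { z = v[p - 1]; y = v[p] -= MX; }
        z = v[n - 1];
        y = v[0] -= MX;
        sum -= DELTA;
    } while (--rounds);
}

/* Constructed sample: 1 if a block encrypted with enc_base decrypts with dec_base. */
int roundtrip_ok(unsigned enc_base, unsigned dec_base) {
    const uint32_t key[4] = {0x01234567u, 0x89abcdefu, 0xfedcba98u, 0x76543210u};
    const uint32_t plain[4] = {1, 2, 3, 4};
    uint32_t buf[4];
    memcpy(buf, plain, sizeof buf);
    xxtea_encrypt(buf, 4, key, enc_base);
    xxtea_decrypt(buf, 4, key, dec_base);
    return memcmp(buf, plain, sizeof buf) == 0;
}

int main(void) {
    printf("cycles: n=2 -> %u, n=53 -> %u; base 16 vs 6 interoperable: %d\n",
           xxtea_rounds(6, 2), xxtea_rounds(6, 53), roundtrip_ok(16, 6));
    return 0;
}
```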