IDEA uses mixed-mode modular arithmetic that includes addition modulo $2^{16}$ and multiplication modulo $2^{16}+1$. If multiplication modulo $2^{16}$ is used instead of $2^{16}+1$ (where $2^{16}$ is not a prime field), how does this modification affect IDEA (specifically decryption and the probability distribution)?
1 Answer
If replacing IDEA's multiplication modulo $2^{16}+1$ by multiplication modulo $2^{16}$ (and dropping the replacement of $0$ by $2^{16}$ on input, and vice versa on output), then
- For the cipher to be reversible, we need to use odd subkeys for those that enter a multiplier ($k_1$, $k_4$, $k_5$, $k_6$ of rounds, and half rounds for the first two). This follows from the fact that $x\mapsto k\cdot x\bmod m$ for $0\le x<m$ is reversible if and only if $k$ is coprime with $m$; that is, when $k$ is odd for $m$ a power of two.
- There is no longer any operation in the modified IDEA that diffuses a bit flip to the right within a 16-bit word. This is a complete disaster. For example, it allows a trivial distinguisher: randomly changing the high order byte of 16-bit words of input has no action on the low-order bytes of the 16-bit words of the ciphertext output! And I guess key recovery (perhaps of an equivalent key) is feasible by attacking the cipher and sub-keys bit-by-bit within 16-bit words.
fgrieu
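Both properties from the answer above can be checked empirically. This is an added example, not code from the answer: the round function follows the standard IDEA structure, `make_subkeys` is a hypothetical stand-in that draws constructed random subkeys instead of running the key schedule, and all function names are assumptions.

```python
import random

MASK = 0xFFFF

def mul_pow2(a, b):
    # modified multiplier from the question: product modulo 2^16
    return (a * b) & MASK

def mul_idea(a, b):
    # original IDEA multiplier: modulo 2^16 + 1, with 0 standing for 2^16
    return ((a or 0x10000) * (b or 0x10000) % 0x10001) & MASK

def add(a, b):
    return (a + b) & MASK

def make_subkeys(rng, rounds=8):
    # constructed random subkeys, not the IDEA key schedule;
    # every subkey that feeds a multiplier is forced odd
    keys = [[rng.randrange(1 << 16) | (i in (0, 3, 4, 5)) for i in range(6)]
            for _ in range(rounds)]
    final = [rng.randrange(1 << 16) | (i in (0, 3)) for i in range(4)]
    return keys, final

def encrypt(block, keys, final, mul):
    x1, x2, x3, x4 = block
    for k in keys:
        a, b = mul(x1, k[0]), add(x2, k[1])
        c, d = add(x3, k[2]), mul(x4, k[3])
        g = mul(a ^ c, k[4])
        i = mul(add(b ^ d, g), k[5])
        j = add(g, i)
        x1, x2, x3, x4 = a ^ i, c ^ i, b ^ j, d ^ j
    # output half round (undoes the last swap of the middle words)
    return (mul(x1, final[0]), add(x3, final[1]),
            add(x2, final[2]), mul(x4, final[3]))

def low_bytes_fixed(mul, trials=500, seed=1):
    # True if replacing the high byte of every plaintext word never
    # changes the low byte of any ciphertext word
    rng = random.Random(seed)
    keys, final = make_subkeys(rng)
    for _ in range(trials):
        p = [rng.randrange(1 << 16) for _ in range(4)]
        q = [(rng.randrange(256) << 8) | (w & 0xFF) for w in p]
        cp, cq = encrypt(p, keys, final, mul), encrypt(q, keys, final, mul)
        if any((u ^ v) & 0xFF for u, v in zip(cp, cq)):
            return False
    return True

def is_reversible(k):
    # x -> k*x mod 2^16 is a bijection exactly when k is odd
    return len({mul_pow2(x, k) for x in range(1 << 16)}) == 1 << 16
```

With `mul_pow2` the low bytes of the ciphertext never react to the plaintext high bytes, while the same structure with `mul_idea` loses that invariant on the first trial.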