If one has the last round key in an SP or Feistel network (the 16th round key in DES for example), would that someone be able to decrypt the rest of the encryption?
Asked
Active
Viewed 319 times
6
-
1No, because knowing a single round key should not give you any information about the others. Only the master key can derive the round keys, by design. – May 30 '16 at 10:19
-
6@TruthSerum AES-128 is a famous contradiction to that statement – Richie Frame May 30 '16 at 10:27
-
1You should check this related question concerning AES-256: http://crypto.stackexchange.com/questions/15200/how-secure-is-the-aes-master-key-if-round-keys-are-found – Raoul722 May 30 '16 at 11:49
1 Answers
4
It depends on the block cipher in question - specifically its key schedule. Knowing any round key of AES-128 would let you calculate the key, because the schedule is reversible. OTOH, e.g. TEA would retain secrecy of most of the key and might remain secure, because its round keys are small enough parts of the key.
In the case of DES, it is weak enough to be decryptable regardless of any information. However, knowing a round key would make it trivial, since every round key reveals 48/56 key bits, leaving only 8 bits to be brute forced.
otus
- 32,132
- 5
- 70
- 165