Security analysis of the full-round DDO-64 block cipher

Abstract

DDO-64 is a 64-bit Feistel-like block cipher based on data-dependent operations (DDOs). It is composed of 8 rounds and uses a 128-bit key. There are two versions of DDO-64, named DDO-64V 1 and DDO-64V 2, according to the key schedule. They were designed under an attempt for improving the security and performance of DDP-based ciphers. In this paper, however, we show that like most of the existing DDP-based ciphers, DDO-64V 1 and DDO-64V 2 are also vulnerable to related-key attacks. The attack on DDO-64V 1 requires 2 35.5 related-key chosen plaintexts and 2 63.5 encryptions while the attack on DDO-64V 2 only needs 8 related-key chosen plaintexts and 2 31 encryptions; our attacks are both mainly due to their simple key schedules and structural weaknesses. These works are the first known cryptanalytic results on DDO-64V 1 and DDO-64V 2 so far.