Akelarre (cipher)

From Wikipedia, the free encyclopedia
DesignersG. Álvarez, D. de la Guía, F. Montoya, A. Peinado
First published1996
Derived fromIDEA, RC5
Cipher detail
Key sizes128 bits
Block sizes128 bits
StructureLai–Massey scheme
Best public cryptanalysis
Susceptible to ciphertext-only attack

Akelarre is a block cipher proposed in 1996, combining the basic design of IDEA with ideas from RC5. It was shown to be susceptible to a ciphertext-only attack in 1997.

Akelarre is a 128-bit block cipher with a variable key-length which must be some multiple of 64 bits. The number of rounds is variable, but four are suggested. The round function of Akelarre is similar to IDEA in structure.

After the successful cryptanalysis of Akelarre, its designers responded with an updated variant called Ake98. This cipher differs from the original Akelarre in the new AR-box (addition–rotation box), the swapping of words at the end of a round, and the addition of subkeys at the beginning of each round. In 2004, Jorge Nakahara, Jr. and Daniel Santana de Freitas found large classes of weak keys for Ake98. These weak keys allow a cryptanalysis faster than exhaustive search using only 71 known plaintexts, for up to 11.5 rounds of Ake98.


  • G. Álvarez Marañón; A. Fúster Sabater; D. Guía Martínez; F. Montoya Vitini; A. Peinado Domínguez (1996). "Akelarre: a New Block Cipher Algorithm" (PDF/PostScript). Proceedings of SAC'96, Third Annual Workshop on Selected Areas in Cryptography. Queen's University, Kingston, Ontario. pp. 1–14.
  • Niels Ferguson and Bruce Schneier (August 1997). "Cryptanalysis of Akelarre" (PDF). Proceedings of SAC'97, Fourth Annual Workshop on Selected Areas in Cryptography. Carleton University. pp. 201–212. Archived from the original (PDF) on July 23, 2004.
  • Lars Knudsen and Vincent Rijmen (August 1997). "Two Rights Sometimes Make a Wrong" (PDF/PostScript). Proceedings of SAC'97, Fourth Annual Workshop on Selected Areas in Cryptography. Carleton University. pp. 213–223.
  • Lars Knudsen; Vincent Rijmen (April 2000). "Ciphertext-only Attack on Akelarre". Cryptologia. 24 (2): 135–147. doi:10.1080/01611190008984238. S2CID 30403134.
  • J. Nakahara Jr.; D.S. de Freitas (2004). "Cryptanalysis of Ake98". INDOCRYPT 2004, 5th International Conference on Cryptology in India. Chennai: Springer-Verlag. pp. 162–174. doi:10.1007/978-3-540-30556-9_17.