Template:Use ymd dates
This article summarizes publicly known attacks against block ciphers . Note that not all entries may be up to date.
Table color key
No known successful attacks
Theoretical break
Attack demonstrated in practice
The Best attack column lists the complexity of the attack:
If the attack doesn't break the full cipher, "rounds" refers to how many rounds were broken
"time" — time complexity , number of cipher evaluations for the attacker
"data" — required known plaintext-ciphertext pairs (if applicable)
"memory" — how many blocks worth of data needs to be stored (if applicable)
"related keys" — for related-key attacks , how many related key queries are needed Common block ciphers [ ] Key recovery attacks [ ] Attacks that lead to disclosure of the key .
Cipher
Security claim
Best attack
Attack date
Comment
AES128
2128
Template:?
AES192
2192
Template:Nowrap
2009-12-04[1]
AES256
2256
Template:Nowrap
Blowfish
2448
4 of 16 rounds
1997[2]
DES
256
256 time
1998-07-17[3]
Broken by brute force, see EFF DES cracker . Off-the-shelf hardware is available for $10,000.[4]
Template:Nowrap
2168
2113 time, 232 data, 288 memory
1998-03-23[5]
KASUMI
2128
232 time, 226 data, 230 memory, 4 related keys
2010-01-10[6]
The cipher used in 3G cell phone networks. This attack takes less than two hours on a single PC, but isn't applicable to 3G due to known plaintext and related key requirements.
Serpent -128
2128
10 of 32 rounds (289 time, 2118 data)
2002-02-04[7]
Linear cryptanalysis
Serpent-192
2192
11 of 32 rounds (2187 time, 2118 data)
Serpent-256
2256
Twofish
2128 ..2256
6 of 16 rounds (2256 time)
1999-10-05[8]
Less common ciphers [ ] Key recovery attacks [ ] Attacks that lead to disclosure of the key .
Cipher
Security claim
Best attack
Attack date
Comment
CAST-128
2128
248 time, 217 chosen plaintexts
1997-11-11[9]
Related-key attack
IDEA
2128
6 of 8.5 rounds (2126.8 time, 264 data)
2007-03-26[10]
Differential-linear attack
RC2
264 ..2128
2?? time, 234 chosen plaintexts
1997-11-11[9]
Related-key attack
RC5
2128
Template:?
SEED
2128
Template:?
Skipjack
280
Template:Nowrap
1999-05-02[11]
Chosen plaintext impossible differential cryptanalysis
TEA
2128
Template:Nowrap
1997-11-11[9]
Related-key attack
XTEA
2128
Template:?
XXTEA
2128
259 chosen plaintexts
2010-05-04[12]
Chosen-plaintext , differential cryptanalysis
See also [ ] References [ ]
↑ Template:Cite web ↑ Template:Cite paper ↑ Template:Cite web ↑ Template:Cite web ↑ Template:Cite paper ↑ Template:Cite paper ↑ Template:Cite paper ↑ Template:Cite paper ↑ 9.0 9.1 9.2 Template:Cite journal ↑ Template:Cite paper ↑ Template:Cite journal ↑ Template:Cite paper
Cryptography navbox Block ciphers