Talk:Phelix

This article has not yet been rated on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Cryptography: Computer science This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography articles ??? This article has not yet received a rating on the importance scale. This article is supported by WikiProject Computer science.

A second cryptanalytic paper on Phelix titled "Differential Attacks against Phelix" was published on 26 November 2006 by Hongjun Wu and Bart Preneel. The paper is based on the same attacks assumption as the Differential Attack against Helix. The paper shows that if the cipher is used incorrectly (nonces reused), the key of Phelix can be recovered with about 237 operations, 234 chosen nonces and 238.2 chosen plaintext words. The computational complexity of the attack is much less than that of the attack against Helix.

Some commentary (last paragraph of 3.3) by DJB on this attack: "Phelix was later eliminated from eSTREAM for reasons I consider frivolous, namely an 'attack' against users who have trouble counting 1,2,3, …; I have no idea why this 'attack' should eliminate an attractive option for users who are able to count 1,2,3, …" - so, let's say this decision is contentious (although key recovery is worse than the "normal" plaintext-recovery attacks on stream ciphers that are used incorrectly). Aragorn2 (talk) 10:10, 2 July 2019 (UTC)[reply]