PGP Attack FAQ: The symmetric cipher

IDEA, finalized in 1992 by Lai and Massey, is a block cipher that operates on 64-bit blocks of data. There have been no publicly known advances in the cryptanalysis of standard IDEA. (I know nothing of what the NSA has done, nor does most anyone.) The only known method of attack, therefore, is brute force.

Can IDEA be brute-forced?

As we all know, the keyspace of IDEA is 128 bits. In base 10 notation that is:


To recover a particular key, one must, on average, search half the keyspace. That is a 127-bit search:


If you had 1,000,000,000 machines that could try 1,000,000,000 keys/sec, it would still take all these machines longer than the universe as we know it has existed and then some, to find the key. IDEA, as far as present technology is concerned, is not vulnerable to brute-force attack, pure and simple.
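The estimate above, carried out with exact integer arithmetic so the magnitudes can be checked rather than taken on faith. This is an added example, not part of the original FAQ; the age of the universe (about 13.8 billion years) and a 365-day year are assumed round figures, and the functions are parameterised by key size and attacker throughput so the same calculation applies to any brute-force scenario, not only the 128-bit IDEA case.

```python
# Added example (not from the original FAQ): brute-force cost of an n-bit key.

SECONDS_PER_YEAR = 365 * 24 * 60 * 60      # 31,536,000; leap years ignored (assumption)
UNIVERSE_AGE_YEARS = 13_800_000_000        # ~13.8 billion years (rounded assumption)


def keyspace(key_bits: int) -> int:
    """Number of distinct keys for a cipher with key_bits-bit keys (2**key_bits)."""
    return 1 << key_bits


def expected_trials(key_bits: int) -> int:
    """Keys tried on average before the right one turns up: half the keyspace."""
    return keyspace(key_bits) // 2


def brute_force_years(key_bits: int, machines: int, keys_per_sec: int) -> float:
    """Expected wall-clock years for `machines` machines each testing
    `keys_per_sec` keys per second, assuming no cryptanalytic shortcut."""
    total_rate = machines * keys_per_sec          # keys tested per second overall
    seconds = expected_trials(key_bits) / total_rate
    return seconds / SECONDS_PER_YEAR


def universe_ages(key_bits: int, machines: int, keys_per_sec: int) -> float:
    """Same figure expressed as multiples of the age of the universe."""
    return brute_force_years(key_bits, machines, keys_per_sec) / UNIVERSE_AGE_YEARS


if __name__ == "__main__":
    machines, rate = 10**9, 10**9              # the FAQ's hypothetical attacker
    print("IDEA keyspace, 2^128 in base 10:", keyspace(128))
    print("Expected trials, 2^127 in base 10:", expected_trials(128))
    print(f"Years with {machines:,} machines at {rate:,} keys/sec: "
          f"{brute_force_years(128, machines, rate):.3e}")
    print(f"That is roughly {universe_ages(128, machines, rate):.0f} "
          "times the current age of the universe")
```

With the FAQ's numbers the search averages on the order of 5 trillion years, a few hundred times the age of the universe; the point is that every extra key bit doubles the cost, so brute force against a 128-bit key is ruled out by arithmetic, not by any property peculiar to IDEA.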

What indirect attacks are possible?

If we cannot crack the cipher, and we cannot brute-force the keyspace, then perhaps an indirect attack is possible. For instance, one might try to find a weakness in the pseudo-random number generator (PRNG) that PGP uses to generate the pseudo-random IDEA session keys. This topic is covered in more detail in PGP Attack FAQ: The pseudo-random number generator (PRNG).