An Analysis of FOX

Jorge Nakahara Jr.

This paper presents new cryptanalytic results on reduced-round versions of the FOX block cipher, also known as IDEA-NXT. We can recover all subkeys of 2-round variants of FOX, and derive internal cipher data from r- round FOX, for any r > 2. This information leakage phenomenon is based only on the high-level Lai-Massey scheme, and was already observed in Feistel ciphers such as DES, but is absent even in IDEA, whose design inspired the FOX ciphers. Moreover, this paper presents the first impossible-differential analysis of reduced-round FOX, and new results on 4-round and 5-round FOX.

