Talk:Phelix


 * A second cryptanalytic paper on Phelix titled "Differential Attacks against Phelix" was published on 26 November 2006 by Hongjun Wu and Bart Preneel. The paper is based on the same attacks assumption as the Differential Attack against Helix. The paper shows that if the cipher is used incorrectly (nonces reused), the key of Phelix can be recovered with about 237 operations, 234 chosen nonces and 238.2 chosen plaintext words. The computational complexity of the attack is much less than that of the attack against Helix.

Some commentary (last paragraph of 3.3) by DJB on this attack: "Phelix was later eliminated from eSTREAM for reasons I consider frivolous, namely an 'attack' against users who have trouble counting 1,2,3, …; I have no idea why this 'attack' should eliminate an attractive option for users who are able to count 1,2,3, …" - so, let's say this decision is contentious (although key recovery is worse than the "normal" plaintext-recovery attacks on stream ciphers that are used incorrectly). Aragorn2 (talk) 10:10, 2 July 2019 (UTC)