|Designers||G. Álvarez, D. de la Guía, F. Montoya, A. Peinado|
|Derived from||IDEA, RC5|
|Key sizes||128 bits|
|Block sizes||128 bits|
|Best public cryptanalysis|
|Susceptible to ciphertext-only attack|
Akelarre is a 128-bit block cipher with a variable key-length which must be some multiple of 64 bits. The number of rounds is variable, but four are suggested. The round function of Akelarre is similar to IDEA in structure.
After the successful cryptanalysis of Akelarre, its designers responded with an updated variant called Ake98. This cipher differs from the original Akelarre in the new AR-box (Addition-Rotation box), the swapping of words at the end of a round, and the addition of subkeys at the beginning of each round. In 2004, Jorge Nakahara, Jr. and Daniel Santana de Freitas found large classes of weak keys for Ake98. These weak keys allow a cryptanalysis faster than exhaustive search using only 71 known plaintexts, for up to 11.5 rounds of Ake98.
- G. Álvarez Marañón; A. Fúster Sabater; D. Guía Martínez; F. Montoya Vitini; A. Peinado Domínguez (1996). "Akelarre: a New Block Cipher Algorithm" (PDF/PostScript). Proceedings of SAC'96, Third Annual Workshop on Selected Areas in Cryptography. Queen's University, Kingston, Ontario. pp. 1–14.
- Niels Ferguson and Bruce Schneier (August 1997). "Cryptanalysis of Akelarre" (PDF). Proceedings of SAC'97, Fourth Annual Workshop on Selected Areas in Cryptography. Carleton University. pp. 201–212.
- Lars Knudsen and Vincent Rijmen (August 1997). "Two Rights Sometimes Make a Wrong" (PDF/PostScript). Proceedings of SAC'97, Fourth Annual Workshop on Selected Areas in Cryptography. Carleton University. pp. 213–223.
- Lars Knudsen; Vincent Rijmen (April 2000). "Ciphertext-only Attack on Akelarre". Cryptologia. 24 (2): 135–147. doi:10.1080/01611190008984238.
- J. Nakahara Jr.; D.S. de Freitas (2004). "Cryptanalysis of Ake98" (PDF). INDOCRYPT 2004, 5th International Conference on Cryptology in India. Chennai: Springer-Verlag. pp. 162–174. Retrieved 2007-02-05.