Security analysis of the full-round DDO-64 block cipher

DDO-64 is a 64-bit Feistel-like block cipher based on data-dependent operations (DDOs). It is composed of 8 rounds and uses a 128-bit key. There are two versions of DDO-64, named DDO-64V1 and DDO-64V2, according to the key schedule. They were designed under an attempt for improving the security and performance of DDP-based ciphers. In this paper, however, we show that like most of the existing DDP-based ciphers, DDO-64V1 and DDO-64V2 are also vulnerable to related-key attacks. The attack on DDO-64V1 requires 235.5 related-key chosen plaintexts and 263.5 encryptions while the attack on DDO-64V2 only needs 8 related-key chosen plaintexts and 231 encryptions; our attacks are both mainly due to their simple key schedules and structural weaknesses. These works are the first known cryptanalytic results on DDO-64V1 and DDO-64V2 so far.