Weak keys and plaintext recovery for the Dhall-Pal Block Cipher

The Dhall-Pal Cipher (DPC) is a 128-bit block cipher with a 128-bit key introduced by Dhall and Pal in 2010. It is based on the substitution-permutation network (SPN) structure, and has elements in common with the Advanced Encryption Standard (AES). The most significant differences between the DPC and the AES occur in the linear transformation stage, some components of which are key-dependent in the DPC. In this paper we identify a large set of weak keys for the DPC, and we describe practical attacks enabled by these weak keys. We first present fast distinguishing attacks that succeed for approximately 2124 out of the 2128 keys. We then describe two plaintext-recovery attacks that succeed for 2120 keys. One of these plaintext-recovery attacks can decrypt any ciphertext using only 211 encryptions on average.