Row, Row, Row Your Boat: How to Not Find Weak Keys in Pilsung

Chitchanok Chuengsatiansup*, Eyal Ronen, Gregory G. Rose, Yuval Yarom

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review


The Pilsung cipher is part of the North Korean Red Star operating system, which was leaked to the West in 2014. Initial analysis by Kryptos Logic reported a possibility of a class of weak keys due to the use of pseudo-random diffusion. Following this lead, we analyzed the cipher and identified a small class of such weak keys. We developed techniques for searching for a key that belongs to the class. After spending thousands of CPU hours, we found a supposedly weak key for a slightly weaker version of Pilsung, but the key did not behave as we expected. On further investigation we found out a crucial misunderstanding in a critical part of the cipher and that no such class of weak keys exists in Pilsung. Thus, this paper makes two main contributions to the art of cryptanalysis. First, it identifies and shows how to investigate a potential weakness in randomizing diffusion, which although does not exist in Pilsung, may affect future designs. Second, it highlights the need for early verification of results in order to identify errors before expending significant resources.

Original languageEnglish
Pages (from-to)1335-1341
Number of pages7
JournalComputer Journal
Issue number6
StatePublished - 1 Jun 2023


  • AES
  • Pilsung
  • differential analysis
  • weak keys


Dive into the research topics of 'Row, Row, Row Your Boat: How to Not Find Weak Keys in Pilsung'. Together they form a unique fingerprint.

Cite this