Improved Meet-in-the-Middle Attacks on Reduced-Round Kiasu-BC and Joltik-BC

Ya, Liu; Shi, Yifan; Gu, Dawu; Zeng, Zhiqiang; Zhao, Fang; Wei, Li; Liu, Zhiqiang; Yang, Bao

doi:10.1093/comjnl/bxz059

Cited by 4 publications

(20 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Theorem [8] Let

{w_{0}^{0}, w_{0}^{1}, \dots, w_{0}^{15}}

and

{t_{0}^{0}, t_{0}^{1}, \dots, t_{0}^{15}}

be two b ‐ δ ‐ sets where b = 4 and satisfy

w_{0}^{a} [1] = t_{1}^{a} [1] \oplus t_{1}^{0} [1] = a (a = 0, 1, 2, \dots, 15)

. Meanwhile, the truncated differential characteristic needs to be generated by a pair of message–tweak combinations

(w_{0}^{i}, t_{1}^{i}), (w_{0}^{j}, t_{1}^{j})

, as outlined in Figure 3.…”

Section: Meet‐in‐the‐middle Attack On Nine‐round Joltik‐bc‐64‐64mentioning

confidence: 99%

“…The authors analyse the security of Joltik‐BC‐64‐64 and Joltik‐BC‐128‐64 against the meet‐in‐the‐middle attack. Firstly, they clearly distinguish the tweak and the key to propose a precise six‐round meet‐in‐the‐middle distinguisher using the subtweakey difference cancellation property, the tweak difference and the differential enumeration technique, based on the results of Joltik‐BC‐64‐64 given in [8]. Then, by adding one round to the top and two to the bottom, they present a meet‐in‐the‐middle attack with 2 53 plaintext–tweak combinations, 2 52.91 Joltik‐BC blocks and 2 54.1 nine‐round Joltik‐BC‐64‐64 encryptions.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Improved meet‐in‐the‐middle attacks on reduced‐round Joltik‐BC

Li¹,

Chen²

2021

IET Information Security

View full text Add to dashboard Cite

Joltik‐BC is an internal tweakable block cipher of the authenticated encryption algorithm Joltik, which was a second‐round finalist in the CAESAR competition. The authors study the key‐recovery attacks on Joltik‐BC under meet‐in‐the‐middle attack. Utilising the subtweakey difference cancellation, the freedom of the tweak and the differential enumeration, they attack on nine‐round Joltik‐BC‐64‐64 by constructing a precise six‐round meet‐in‐the‐middle distinguisher with 253 plaintext–tweak combinations, 252.91 Joltik‐BC blocks and 254.1 nine‐round Joltik‐BC‐64‐64 encryptions. Moreover, they attempt to attack on 11‐round Joltik‐BC‐128‐64 for the first time by constructing a seven‐round meet‐in‐the‐middle distinguisher with 253 plaintext–tweak combinations, 2114 Joltik‐BC blocks and 2123 11‐round Joltik‐BC‐128‐64 encryptions.

show abstract

“…Theorem [8] Let

{w_{0}^{0}, w_{0}^{1}, \dots, w_{0}^{15}}

and

{t_{0}^{0}, t_{0}^{1}, \dots, t_{0}^{15}}

be two b ‐ δ ‐ sets where b = 4 and satisfy

w_{0}^{a} [1] = t_{1}^{a} [1] \oplus t_{1}^{0} [1] = a (a = 0, 1, 2, \dots, 15)

. Meanwhile, the truncated differential characteristic needs to be generated by a pair of message–tweak combinations

(w_{0}^{i}, t_{1}^{i}), (w_{0}^{j}, t_{1}^{j})

, as outlined in Figure 3.…”

Section: Meet‐in‐the‐middle Attack On Nine‐round Joltik‐bc‐64‐64mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Improved meet‐in‐the‐middle attacks on reduced‐round Joltik‐BC

Li¹,

Chen²

2021

IET Information Security

View full text Add to dashboard Cite

show abstract

“…In [13], the authors propose a meet-in-the-middle attack on 10-round Joltik-BC-128 with a data complexity of 2 56.1 , a time complexity of 2 126.5 under the single-key setting. In [14], they attack 9-round Joltik-BC-128 with a data complexity of 2 53 , a time complexity of 2 56.6 , a memory complexity of 2 52.91 blocks and 10-round Joltik-BC-128 with a data complexity of 2 53 , a time complexity of 2 101.4 and a memory complexity of 2 76.91 blocks, using the related-key meet-inthe-middle methodology. The related work and our results are shown in Table 1.…”

Section: B Related Workmentioning

confidence: 99%

“…Since then, many proposals, for example, Deoxys-BC [17], Joltik-BC [18], SKINNY [19] and QARMA [20], have followed the TWEAKEY framework and thus take a unified tweakey input instead of a pair key/tweak. For these proposals, many works [14], [21]- [23] have shown the risky of the related-tweakey setting. There are two reasons:…”

Section: Milp Model To Search Related-key Impossible Differentialmentioning

confidence: 99%

See 1 more Smart Citation

MILP-Aided Related-Tweak/Key Impossible Differential Attack and its Applications to QARMA, Joltik-BC

Zong

Dong

2019

IEEE Access

View full text Add to dashboard Cite

In this paper, we study the relation of related-tweak/key impossible differentials with singlekey ones. Following a heuristic strategy, we can derive longer related-tweak/key impossible differentials from single-key ones. We implement this strategy with the MILP technique and apply it to search relatedtweak/key impossible differentials of two tweakable block ciphers: QARMA-64 and Joltik-BC-128. For QARMA-64, we find several 7-round related-tweak impossible differential distinguishers and use them to mount a 10-round key recovery attack including the outer whitening key; for Joltik-BC-128, we find two 6-round related-tweakey impossible differential distinguishers and use them attack 9-round and 10-round Joltik-BC-128 respectively.INDEX TERMS Impossible differential attack, Joltik-BC-128, QARMA-64, related-tweakey, tweakable block cipher.

show abstract

Higher-Order Mixture Differentials for AES-Based Block Ciphers and Applications to TweAES

List

2024

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Improved Meet-in-the-Middle Attacks on Reduced-Round Kiasu-BC and Joltik-BC

Cited by 4 publications

References 9 publications

Improved meet‐in‐the‐middle attacks on reduced‐round Joltik‐BC

Improved meet‐in‐the‐middle attacks on reduced‐round Joltik‐BC

MILP-Aided Related-Tweak/Key Impossible Differential Attack and its Applications to QARMA, Joltik-BC

Higher-Order Mixture Differentials for AES-Based Block Ciphers and Applications to TweAES

Contact Info

Product

Resources

About