Biclique Cryptanalysis of TWINE
نویسندگان
چکیده
TWINE is a lightweight block cipher proposed at ECRYPT Workshop on Lightweight Cryptography 2011, Belgium. The cipher consists of 36 rounds and has two versions TWINE-80 and TWINE-128 supporting key lengths of 80 and 128 bits, respectively. The block length of the two versions is 64-bit. In this paper, we present the first single-key attacks on the both versions of the cipher. In these attacks, we use the recently developed biclique technique. The complexities of the attacks on TWINE-80 and TWINE-128 are 2 and 2 respectively and the data requirement for the two attacks is 2.
منابع مشابه
Biclique Cryptanalysis of Block Ciphers LBlock and TWINE-80 with Practical Data Complexity
In the biclique attack, a shorter biclique usually results in less data complexity, but at the expense of more computational complexity. The early abort technique can be used in partial matching part of the biclique attack in order to slightly reduce the computations. In this paper, we make use of this technique, but instead of slight improvement in the computational complexity, we keep the amo...
متن کاملGeneralized MitM attacks on full TWINE
TWINE is a lightweight block cipher which employs a generalized Feistel structure with 16 nibble-blocks. It has two versions: TWINE-80 and TWINE-128, both have a block length of 64 bits and employ keys of length 80 and 128 bits, respectively. In this paper, we propose a low data complexity key recovery attack on the full cipher. This attack is inspired by the 3-subset Meet-in-the-Middle (MitM) ...
متن کاملBiclique Cryptanalysis of Full Round AES with Reduced Data Complexity
Abstract. Biclique cryptanalysis was proposed by Bogdanov et al. in Asiacrypt 2011 as a new tool for cryptanalysis of block ciphers. A major hurdle in carrying out biclique cryptanalysis is that it has a very high query complexity (of the order of 2 for AES-128, 2 for AES-192 and 2 for AES-256). This naturally puts a big question mark over the practical feasibility of implementing biclique atta...
متن کاملBiclique Attack of the Full ARIA-256
In this paper, combining the biclique cryptanalysis with the MITM attack, we present the first key recovery method for the full ARIA256 faster than brute-force. The attack requires 280 chosen plaintexts, and the time complexity is about 2255.2 full-round ARIA encryptions in the processing phase. keywords: Block Cipher; ARIA-256; Biclique structure
متن کاملNarrow-Bicliques: Cryptanalysis of Full IDEA
The biclique attack framework was recently introduced as a way to add more rounds to a meet-in-the-middle attack while potentially keeping the same time complexity. We apply and extend the recently introduced biclique framework to IDEA and for the first time describe an approach to noticeably speed-up key-recovery for the full 8.5 round IDEA. We also show that the biclique approach to block cip...
متن کامل