Improved Key Recovery Attack on Round-reduced Hierocrypt-L1 in the Single-Key Setting
نویسندگان
چکیده
Hierocrypt-L1 is a 64-bit block cipher with a 128-bit key. It was selected among the Japanese e-Government 2003 recommended ciphers list and has been reselected in the 2013 candidate recommended ciphers list. In this work, we cryptanalyze Hierocrypt-L1 in the single-key setting. In particular, we construct a 5 S-box layers distinguisher that we utilize to launch a meet-in-the-middle attack on 8 S-box layers roundreduced Hierocrypt-L1 using the differential enumeration technique. Our attack allows us to recover the master key with data complexity of 2 chosen plaintexts, time complexity of 2 8-Sbox layers HierocryptL1 encryptions and memory complexity of 2 64-bit blocks. Up to the authors’ knowledge, this is the first cryptanalysis result that reaches 8 S-box layers of Hierocrypt-L1 in the single-key setting.
منابع مشابه
Meet-in-the-Middle Attacks on Reduced-Round Hierocrypt-3
Hierocrypt-3 is an SPN-based block cipher designed by Toshiba Corporation. It operates on 128-bit state using either 128, 192 or 256bit key. In this paper, we present two meet-in-the-middle attacks in the single-key setting on the 4-round reduced Hierocrypt-3 with 256-bit key. The first attack is based on the differential enumeration approach where we propose a truncated differential characteri...
متن کاملImproved SQUARE Attacks against Reduced-Round HIEROCRYPT
We present improved Square attacks against the NESSIE and ECTP candidate block ciphers Hierocrypt-3 and Hierocrypt-L1, designed by Toshiba. We improve over the previous best known attack on five S-box layers of Hierocrypt-3 by a factor of 2 computational steps with an attack on six layers for 128-bit keys, and extend it to seven S-box layers for longer keys. For Hierocrypt-L1 we are able to imp...
متن کاملImpossible Differential Cryptanalysis on Deoxys-BC-256
Deoxys is a final-round candidate of the CAESAR competition. Deoxys is built upon an internal tweakable block cipher Deoxys-BC, where in addition to the plaintext and key, it takes an extra non-secret input called a tweak. This paper presents the first impossible differential cryptanalysis of Deoxys-BC-256 which is used in Deoxys as an internal tweakable block cipher. First, we find a 4.5-round...
متن کاملImpossible Differential Cryptanalysis of Reduced-Round Midori64 Block Cipher (Extended Version)
Impossible differential attack is a well-known mean to examine robustness of block ciphers. Using impossible differ- ential cryptanalysis, we analyze security of a family of lightweight block ciphers, named Midori, that are designed considering low energy consumption. Midori state size can be either 64 bits for Midori64 or 128 bits for Midori128; however, both vers...
متن کاملImproved All-Subkeys Recovery Attacks on FOX, KATAN and SHACAL-2 Block Ciphers
The all-subkeys recovery (ASR) attack is an extension of the meet-in-the-middle attack, which allows evaluating the security of a block cipher without analyzing its key scheduling function. Combining the ASR attack with some advanced techniques such as the function reduction and the repetitive ASR attack, we show the improved ASR attacks on the 7-round reduced FOX64 and FOX128. Moreover, the im...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2015