Meet-in-the-Middle Attacks on Reduced-Round Hierocrypt-3
نویسندگان
چکیده
Hierocrypt-3 is an SPN-based block cipher designed by Toshiba Corporation. It operates on 128-bit state using either 128, 192 or 256bit key. In this paper, we present two meet-in-the-middle attacks in the single-key setting on the 4-round reduced Hierocrypt-3 with 256-bit key. The first attack is based on the differential enumeration approach where we propose a truncated differential characteristic in the first 2.5 rounds and match a multiset of state differences at its output. The other attack is based on the original meet-in-the-middle attack strategy proposed by Demirci and Selçuk at FSE 2008 to attack reduced versions of both AES192 and AES-256. For our attack based on the differential enumeration, the master key is recovered with data complexity of 2 chosen plaintexts, time complexity of 2 4-round reduced Hierocrypt-3 encryptions and memory complexity of 2 128-bit blocks. The data, time and memory complexities of our second attack are 2, 2 and 2, respectively. To the best of our knowledge, these are the first attacks on 4-round reduced Hierocrypt-3.
منابع مشابه
Improved SQUARE Attacks against Reduced-Round HIEROCRYPT
We present improved Square attacks against the NESSIE and ECTP candidate block ciphers Hierocrypt-3 and Hierocrypt-L1, designed by Toshiba. We improve over the previous best known attack on five S-box layers of Hierocrypt-3 by a factor of 2 computational steps with an attack on six layers for 128-bit keys, and extend it to seven S-box layers for longer keys. For Hierocrypt-L1 we are able to imp...
متن کاملImproved Key Recovery Attack on Round-reduced Hierocrypt-L1 in the Single-Key Setting
Hierocrypt-L1 is a 64-bit block cipher with a 128-bit key. It was selected among the Japanese e-Government 2003 recommended ciphers list and has been reselected in the 2013 candidate recommended ciphers list. In this work, we cryptanalyze Hierocrypt-L1 in the single-key setting. In particular, we construct a 5 S-box layers distinguisher that we utilize to launch a meet-in-the-middle attack on 8...
متن کاملImproved Meet-in-the-Middle Attacks on Reduced-Round DES
The Data Encryption Standard (DES) is a 64-bit block cipher. Despite its short key size of 56 bits, DES continues to be used to protect financial transactions valued at billions of Euros. In this paper, we investigate the strength of DES against attacks that use a limited number of plaintexts and ciphertexts. By mounting meet-in-the-middle attacks on reduced-round DES, we find that up to 6-roun...
متن کاملImproved (Pseudo) Preimage Attacks on Reduced-Round GOST and Grøstl-256 and Studies on Several Truncation Patterns for AES-like Compression Functions
In this paper, we present improved preimage attacks on the reduced-round GOST hash function family, which serves as the new Russian hash standard, with the aid of techniques such as the rebound attack, the Meet-in-the-Middle preimage attack and the multicollisions. Firstly, the preimage attack on 5-round GOST-256 is proposed which is the first preimage attack for GOST-256 at the hash function l...
متن کاملMeet-in-the-Middle Attacks and Structural Analysis of Round-Reduced PRINCE
NXP Semiconductors and its academic partners challenged the cryptographic community with nding practical attacks on the block cipher they designed, PRINCE. Instead of trying to attack as many rounds as possible using attacks which are usually impractical despite being faster than brute-force, the challenge invites cryptographers to nd practical attacks and encourages them to actually implement ...
متن کامل