Practical Key-Recovery Attack on MANTIS5
نویسندگان
چکیده
MANTIS is a lightweight tweakable block cipher recently published at CRYPTO 2016. In addition to the full 14-round version, MANTIS7, the designers also propose an aggressive 10-round version, MANTIS5. The security claim for MANTIS5 is resistance against “practical attacks”, defined as related-tweak attacks with data complexity 2 less than 2 chosen plaintexts (or 2 known plaintexts), and computational complexity at most 2126−d. We present a key-recovery attack against MANTIS5 with 2 28 chosen plaintexts and a computational complexity of about 2 block cipher calls, which violates this claim. Our attack is based on a family of differential characteristics and exploits several properties of the lightweight round function and tweakey schedule. To verify the validity of the attack, we also provide a practical implementation which recovers the full key in about 1 core hour using 2 chosen plaintexts.
منابع مشابه
Clustering Related-Tweak Characteristics: Application to MANTIS-6
The TWEAKEY/STK construction is an increasingly popular approach for designing tweakable block ciphers that notably uses a linear tweakey schedule. Several recent attacks have analyzed the implications of this approach for differential cryptanalysis and other attacks that can take advantage of related tweakeys. We generalize the clustering approach of a recent differential attack on the tweakab...
متن کاملA practical state recovery attack on the stream cipher Sablier v1
Sablier is an authenticated encryption cipher submitted to the CAESAR competition, which is composed of the encryption Sablier v1 and the authentication Au. In this work we present a state recovery attack against the encryption Sablier v1 with time complexity about 2 operations and data complexity about 24 of 16-bit keywords. Our attack is practical in the workstation. It is noticed that the up...
متن کاملOn zero practical significance of "Key recovery attack on full GOST block cipher with zero time and memory"
In this paper we show that the related key boomerang attack by E. Fleischmann et al. from the paper mentioned in the title does not allow to recover the master key of the GOST block cipher with complexity less than the complexity of the exhaustive search. Next we present modified attacks. Finally we argue that these attacks and the related key approach itself are of extremely limited practical ...
متن کاملBiclique Cryptanalysis of Block Ciphers LBlock and TWINE-80 with Practical Data Complexity
In the biclique attack, a shorter biclique usually results in less data complexity, but at the expense of more computational complexity. The early abort technique can be used in partial matching part of the biclique attack in order to slightly reduce the computations. In this paper, we make use of this technique, but instead of slight improvement in the computational complexity, we keep the amo...
متن کاملPractical Key-Recovery for All Possible Parameters of SFLASH
In this paper we present a new practical key-recovery attack on the SFLASH signature scheme. SFLASH is a derivative of the older C∗ encryption and signature scheme that was broken in 1995 by Patarin. In SFLASH, the public key is truncated, and this simple countermeasure prevents Patarin’s attack. The scheme is well-known for having been considered secure and selected in 2004 by the NESSIE proje...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Trans. Symmetric Cryptol.
دوره 2016 شماره
صفحات -
تاریخ انتشار 2016