Meet-in-the-Middle Attacks on Round-Reduced Khudra

Khudra is a hardware-oriented lightweight block cipher that is designed to run efficiently on Field Programmable Gate Arrays. It employs an 18-rounds Generalized type-2 Feistel Structure with a 64bit block length and an 80-bit key. In this paper, we present Meet-inthe-Middle (MitM) attacks on 13 and 14 round-reduced Khudra. These attacks are based on finding a distinguisher that is evaluated offline independently of the key. Then in an online phase, some rounds are appended before and after the distinguisher and the correct key candidates for these rounds are checked whether they verify the distinguisher property or not. Using this technique, we find two 6-round distinguishers and use them to attack 13 and 14 rounds of Khudra with time complexity of 2 and 2, respectively. Both attacks require the same data and memory complexities of 2 chosen plaintexts and 2 64-bit blocks, respectively.