Cryptology ePrint Archive: Report 2011/160
Cryptanalysis of ARMADILLO2
Mohamed Ahmed Abdelraheem and Céline Blondeau and María Naya-Plasencia and Marion Videau and Erik Zenner
Abstract: ARMADILLO2 is the recommended variant of a multi-purpose cryptographic primitive dedicated to hardware which has been proposed by Badel et al. in [1]. In this paper we propose a meet-in-the-middle technique that allows us to invert the ARMADILLO2 function. Using this technique we are able to perform a key recovery attack on ARMADILLO2 in FIL-MAC application mode. A variant of this attack can also be applied when ARMADILLO2 is used as a stream cipher in the PRNG application mode. Finally we propose a (second) preimage attack on its hashing application mode. All the cryptanalysis presented in this paper can be applied for any arbitrary bitwise permutations $\sigma_0$ and $\sigma_1$ used in the internal permutation.
Category / Keywords: ARMADILLO2, meet-in-the-middle, key recovery attack, preimage attack, parallel matching
Date: received 31 Mar 2011, last revised 12 Sep 2011
Contact author: maria naya plasencia at gmail com
Version: 20110912:095546
Short URL: ia.cr/2011/160