Paper 2013/756

A Meet-in-the-middle Attack on Round-Reduced mCrypton

Yonglin Hao, Dongxia Bai

Abstract

The meet-in-the-middle (MITM) attack on AES is a great success. In this paper, we apply the method to the lightweight SPN block cipher mCrypton. We prove that the multiset technique used to analyze AES can not be applied directly to mCrypton due to the scarcity of information. As a solution, we replace the unordered multiset with the ordered sequence. We lower the memory requirement from $2^{100}$ to $2^{44}$ using the efficient differential enumeration technique. Based on these modifications, we construct a MITM attack on 7-round mCrypton-64/96/128 with complexities of $2^{44}$ 64-bit blocks and $2^{57}$ encryptions. We further extend the attack to 8 and 9 rounds for mCrypton-128 by adding some key-bridging techniques. The 8-round attack requires $2^{44}$ blocks and $2^{96}$ encryptions while the 9-round attack needs $2^{120}$ blocks and $2^{116}$ encryptions.