Cryptology ePrint Archive: Report 2014/425

Note of Multidimensional MITM Attack on 25-Round TWINE-128

Long Wen and Meiqin Wang and Andrey Bogdanov and Huaifeng Chen

Abstract: TWINE is a lightweight block cipher proposed in SAC 2012 by Suzaki et al. TWINE operates on 64-bit block and supports 80 or 128-bit key, denoted as TWINE-80 and TWINE-128 respectively. TWINE has attracted some attention since its publication and its security has been analyzed against several cryptanalytic techniques in both single-key and related-key settings. In the single-key setting, the best attack so far is reported by Boztaş et al. at LightSec'13, where a splice-and-cut attack on 21-round TWINE-128 and a multidimensional meet-in-the-middle (MITM) attack on 25-round TWINE-128 are presented. Yet, the evaluation of the time complexity of the multidimensional MITM attack on 25-round TWINE-128 is somehow controversial in the way we understand. We here describe the attack in detail and explains our concerns about the time complexity of the attack. And it turns out that the multidimensional MITM attack on 25-round TWINE-128 may have a time complexity higher than exhaustive search.

Category / Keywords: secret-key cryptography / Block Ciphers, Cryptanalysis, TWINE, Multidimensional MITM Attack

Date: received 3 Jun 2014, last revised 3 Jun 2014

Contact author: longwen6 at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20140606:140932 (All versions of this report)

Short URL: ia.cr/2014/425

Discussion forum: Show discussion | Start new discussion