Cryptology ePrint Archive: Report 2015/1165

Meet-in-the-Middle Attacks on Reduced-Round Midori-64

Li Lin and Wenling Wu

Abstract: Midori is a lightweight block cipher designed by Banik et al. at ASIACRYPT 2015. One version of Midori uses a 64-bit state, another uses a 128-bit state and we denote these versions Midori-64 and Midori-128. Each of these versions uses a 128-bit key. In this paper, we focus on the key-recovery attacks on reduced-round Midori-64 with meet-in-the-middle method. We use the differential enumeration technique and key-dependent sieve technique which are popular to analyze AES to attack Midori-64. We propose a 6-round distinguisher, and achieve a 10-round attack with time complexity of 2^{99.5} 10-round Midori-64 encryptions, data complexity of 2^{61.5} chosen-plaintexts and memory complexity of 2^{92.7} 64-bit blocks. After that, by adding one round at the end, we get an 11-round attack with time complexity of 2^{122} 11-round Midori-64 encryptions, data complexity of 2^{53} chosen-plaintexts and memory complexity of 2^{89.2} 64-bit blocks. Finally, with a 7-round distinguisher, we get an attack on 12-round Midori-64 with time complexity of 2^{125.5} 12-round Midori-64 encryptions, data complexity of 2^{55.5} chosen-plaintexts and memory complexity of 2^{106} 64-bit blocks. To the best of our knowledge, this is recently the best attack on Midori-64.

Category / Keywords: secret-key cryptography / Block Cipher, Meet-in-the-Middle Attack, Midori-64

Date: received 1 Dec 2015, last revised 5 Dec 2015

Contact author: linli at tca iscas ac cn;wwl@tca iscas ac cn;

Available format(s): PDF | BibTeX Citation

Version: 20151205:095243 (All versions of this report)

Short URL: ia.cr/2015/1165

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]