In this paper, we mount interpolation attacks (algebraic attacks introduced by Jakobsen and Knudsen) on LowMC, and show that a practically significant fraction of $2^{-38}$ of its 80-bit key instances could be broken $2^{23}$ times faster than exhaustive search. Moreover, essentially all instances that are claimed to provide 128-bit security could be broken about $1000$ times faster. In order to obtain these results, we had to develop novel techniques and optimize the original interpolation attack in new ways. While some of our new techniques exploit specific internal properties of LowMC, others are more generic and could be applied, in principle, to any block cipher.
Category / Keywords: secret-key cryptography / Block cipher, LowMC, high-order differential cryptanalysis, interpolation attack. Date: received 3 May 2015, last revised 4 May 2015 Contact author: dinur at di ens fr Available format(s): PDF | BibTeX Citation Version: 20150505:191920 (All versions of this report) Short URL: ia.cr/2015/418 Discussion forum: Show discussion | Start new discussion