Paper 2015/533

Related-Key Rectangle Attack on Round-reduced \textit{Khudra} Block Cipher

Xiaoshuang Ma and Kexin Qiao

Abstract

\textit{Khudra} is a block cipher proposed at the SPACE'2014 conference, whose main design goal is suitability for the increasingly popular Field Programmable Gate Array (FPGA) implementation. It is an 18-round lightweight cipher based on a recursive Feistel structure, with a 64-bit block size and an 80-bit key size. In this paper, we compute the minimum number of active $F$-functions in differential characteristics in the related-key setting, and give a more accurate measurement of the resistance of \textit{Khudra} against related-key differential cryptanalysis. We construct a related-key boomerang quartet with probability $2^{-48}$ for 14-round \textit{Khudra}, which is better than the bound claimed by the designers, namely that the highest-probability related-key boomerang quartet of 14-round \textit{Khudra} has probability at most $2^{-72}$. Then we propose a related-key rectangle attack on 16-round \textit{Khudra} without whitening keys by constructing a related-key rectangle distinguisher for 12-round \textit{Khudra} with a probability of $2^{-23.82}$. The attack has a time complexity of $2^{78.68}$ memory accesses and a data complexity of $2^{57.82}$ chosen plaintexts, and requires only four related keys. This is the best known attack on round-reduced \textit{Khudra}.

Metadata
Available format(s)
PDF
Publication info
Preprint.
Keywords
\textit{Khudra} block cipher, rectangle attack, related-key attack
Contact author(s)
xshma13 @ is ac cn
History
2015-06-05: received
Short URL
https://ia.cr/2015/533
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/533,
      author = {Xiaoshuang Ma and Kexin Qiao},
      title = {Related-Key Rectangle Attack on Round-reduced \textit{Khudra} Block Cipher},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/533},
      year = {2015},
      url = {https://eprint.iacr.org/2015/533}
}