We show a first application of the generalized linear partitioning technique on FEAL-8X, revisiting the attack of Biham and Carmeli. We manage to reduce the data complexity from 2^14 to 2^12 known plaintexts, while the time complexity increases from 2^45 to 2^47.
Then, we use this technique to analyze Chaskey, a recent MAC proposal by Mouha et al. that is being studied for standardisation by ISO and ITU-T. Chaskey uses an ARX structure very similar to SipHash. We use a differential-linear attack with improvements from the partitioning technique, combined with a convolution-based method to reduce the time complexity. This leads to an attack on 6 rounds with 2^25 data and 2^28.6 time (verified experimentally), and an attack on 7 rounds with 2^48 data and 2^67 time. These results show that the full version of Chaskey with 8 rounds has a rather small security margin.
Category / Keywords: secret-key cryptography / Differential cryptanalysis, linear cryptanalysis, ARX, addition, partitioning, Chaskey, FEAL
Date: received 8 Oct 2015
Contact author: Gaetan Leurent at inria fr
Version: 20151009:210759
Short URL: ia.cr/2015/968