Paper 2016/1160

Meet-in-the-Middle Attack on QARMA Block Cipher

Rui Zong and Xiaoyang Dong

Abstract

QARMA is a recently published lightweight tweakable block cipher, which has been used by the ARMv8 architecture to support a software protection feature. In this paper, using the meet-in-the-middle (MITM) method, we give the first distinguisher of the QARMA block cipher. It is made up of the \emph{Pseudo-Reflector} construction with two forward rounds and three backward rounds. By adding two rounds on the top and three rounds on the bottom of the distinguisher, together with the differential enumeration technique and the key-dependent sieve technique, we achieve a 10-round (of 16-round) key recovery attack with memory complexity of $2^{116}$ 192-bit entries, data complexity of $2^{53}$ chosen plaintexts and time complexity of $2^{70.1}$ encryption units. Furthermore, we use the same distinguisher to attack QARMA-128, again covering 10 (of 24) round functions together with the \emph{Pseudo-Reflector} construction. The memory complexity is $2^{232}$ 384-bit entries, the data complexity is $2^{105}$ chosen plaintexts and the time complexity is $2^{141.7}$ encryption units. These are the first attacks on QARMA and do not threaten the security of full-round QARMA.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
QARMA
Lightweight Tweakable Block Cipher
Meet-in-the-Middle Attack
Contact author(s)
zongrui @ mail sdu edu cn
History
2016-12-28: received
Short URL
https://ia.cr/2016/1160
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/1160,
      author = {Rui Zong and Xiaoyang Dong},
      title = {Meet-in-the-Middle Attack on {QARMA} Block Cipher},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/1160},
      year = {2016},
      url = {https://eprint.iacr.org/2016/1160}
}