Cryptology ePrint Archive: Report 2016/1160

Meet-in-the-Middle Attack on QARMA Block Cipher

Rui Zong and Xiaoyang Dong

Abstract: QARMA is a recently published lightweight tweakable block cipher, which has been used by the ARMv8 architecture to support a software protection feature. In this paper, using the method of MITM, we give the first distinguisher of QARMA block cipher. It is made up of the \emph{Pseudo-Reflector} construction with two forward rounds and three backward rounds. By adding two rounds on the top and three rounds on the bottom of the distinguisher, together with the idea of the differential enumeration technique and the key-dependent sieve skill, we achieve a 10-round (of 16-round) key recovery attack with memory complexity of $2^{116}$ 192-bit space, data complexity of $2^{53}$ chosen plaintexts and time complexity of $2^{70.1}$ encryption units. Furthermore, we use the same distinguisher to attack QARMA-128 which also includes 10 (of 24) round functions and the $\emph{Pseudo-Refector}$ construction. The memory complexity is $2^{232}$ 384-bit space, the data complexity is $2^{105}$ chosen plaintexts and the time complexity is $2^{141.7}$ encryption units. These are the first attacks on QARMA and do not threaten the security of full round QARMA.

Category / Keywords: secret-key cryptography / QARMA, Lightweight Tweakable Block Cipher, Meet-in-the-Middle Attack

Date: received 18 Dec 2016

Contact author: zongrui at mail sdu edu cn

Available format(s): PDF | BibTeX Citation

Version: 20161228:140332 (All versions of this report)

Short URL: ia.cr/2016/1160

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]