Cryptology ePrint Archive: Report 2016/722

Improved Meet-in-the-Middle Attacks on Reduced-Round Kalyna-128/256 and Kalyna-256/512

Li Lin and Wenling Wu

Abstract: Kalyna is an SPN-based block cipher that was selected during Ukrainian National Public Cryptographic Competition (2007-2010) and its slight modification was approved as the new encryption standard of Ukraine. In this paper, we focus on the key-recovery attacks on reduced-round Kalyna-128/256 and Kalyna-256/512 with meet-in-the-middle method. The differential enumeration technique and key-dependent sieve technique which are popular to analyze AES are used to attack them. Using the key-dependent sieve technique to improve the complexity is not an easy task, we should build some tables to achieve this. Since the encryption procedure of Kalyna employs a pre- and post-whitening operations using addition modulo $2^{64}$ applied on the state columns independently, we carefully study the propagation of this operation and propose an addition plaintext structure to solve this. For Kalyna-128/256, we propose a 6-round distinguisher, and achieve a 9-round (out of total 14-round) attack. For Kalyna-256/512, we propose a 7-round distinguisher, then achieve an 11-round (out of total 18-round) attack. As far as we know, these are currently the best results on Kalyna-128/256 and Kalyna-256/512.

Category / Keywords: secret-key cryptography / Block Cipher, Kalyna, Meet-in-the-Middle Attack, Differential Enumeration Technique, Key-Bridging Technique

Date: received 21 Jul 2016

Contact author: linli at tca iscas ac cn; wwl@tca iscas ac cn;

Available format(s): PDF | BibTeX Citation

Version: 20160721:150327 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]