Paper 2010/532

A 3-Subset Meet-in-the-Middle Attack: Cryptanalysis of the Lightweight Block Cipher KTANTAN

Andrey Bogdanov and Christian Rechberger


In this paper we describe a variant of existing meet-in-the-middle attacks on block ciphers. As an application, we propose meet-in-the-middle attacks that are applicable to the full 254-round KTANTAN family of block ciphers accepting a key of 80 bits. The attacks are due to some weaknesses in its bitwise key schedule. We report an attack of time complexity 2^75.170 encryptions on the full KTANTAN32 cipher with only 3 plaintext/ciphertext pairs and well as 2^75.044 encryptions on the full KTANTAN48 and 2^75.584 encryptions on the full KTANTAN64 with 2 plaintext/ciphertext pairs. All these attacks work in the classical attack model without any related keys. In the differential related-key model, we demonstrate 218- and 174-round differentials holding with probability 1. This shows that a strong related-key property can translate to a successful attack in the non-related-key setting. Having extremely low data requirements, these attacks are valid even in RFID-like environments where only a very limited amount of text material may be available to an attacker.

Note: Fixed typos and extended acknowledgements.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. An extended version of the paper accepted for SAC 2010
cryptanalysismeet-in-the-middle attacksblock cipherkey schedulelightweight cipherkey-recoveryRFID
Contact author(s)
and bogdanov @ googlemail com
christian rechberger @ groestl info
2011-02-14: revised
2010-10-19: received
See all versions
Short URL
Creative Commons Attribution


      author = {Andrey Bogdanov and Christian Rechberger},
      title = {A 3-Subset Meet-in-the-Middle Attack: Cryptanalysis of the Lightweight Block Cipher KTANTAN},
      howpublished = {Cryptology ePrint Archive, Paper 2010/532},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.