Paper 2010/532

A 3-Subset Meet-in-the-Middle Attack: Cryptanalysis of the Lightweight Block Cipher KTANTAN

Andrey Bogdanov and Christian Rechberger

Abstract

In this paper we describe a variant of existing meet-in-the-middle attacks on block ciphers. As an application, we propose meet-in-the-middle attacks that are applicable to the full 254-round KTANTAN family of block ciphers accepting a key of 80 bits. The attacks are due to some weaknesses in its bitwise key schedule. We report an attack of time complexity 2^75.170 encryptions on the full KTANTAN32 cipher with only 3 plaintext/ciphertext pairs and well as 2^75.044 encryptions on the full KTANTAN48 and 2^75.584 encryptions on the full KTANTAN64 with 2 plaintext/ciphertext pairs. All these attacks work in the classical attack model without any related keys. In the differential related-key model, we demonstrate 218- and 174-round differentials holding with probability 1. This shows that a strong related-key property can translate to a successful attack in the non-related-key setting. Having extremely low data requirements, these attacks are valid even in RFID-like environments where only a very limited amount of text material may be available to an attacker.

Note: Fixed typos and extended acknowledgements.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. An extended version of the paper accepted for SAC 2010
Keywords
cryptanalysismeet-in-the-middle attacksblock cipherkey schedulelightweight cipherkey-recoveryRFID
Contact author(s)
and bogdanov @ googlemail com
christian rechberger @ groestl info
History
2011-02-14: revised
2010-10-19: received
See all versions
Short URL
https://ia.cr/2010/532
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2010/532,
      author = {Andrey Bogdanov and Christian Rechberger},
      title = {A 3-Subset Meet-in-the-Middle Attack: Cryptanalysis of the Lightweight Block Cipher KTANTAN},
      howpublished = {Cryptology ePrint Archive, Paper 2010/532},
      year = {2010},
      note = {\url{https://eprint.iacr.org/2010/532}},
      url = {https://eprint.iacr.org/2010/532}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.