Paper 2011/160

Cryptanalysis of ARMADILLO2

Mohamed Ahmed Abdelraheem, Céline Blondeau, María Naya-Plasencia, Marion Videau, and Erik Zenner


ARMADILLO2 is the recommended variant of a multi-purpose cryptographic primitive dedicated to hardware which has been proposed by Badel et al. in [1]. In this paper we propose a meet-in-the-middle technique that allows us to invert the ARMADILLO2 function. Using this technique we are able to perform a key recovery attack on ARMADILLO2 in FIL-MAC application mode. A variant of this attack can also be applied when ARMADILLO2 is used as a stream cipher in the PRNG application mode. Finally we propose a (second) preimage attack on its hashing application mode. All the cryptanalysis presented in this paper can be applied for any arbitrary bitwise permutations $\sigma_0$ and $\sigma_1$ used in the internal permutation.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
ARMADILLO2meet-in-the-middlekey recovery attackpreimage attackparallel matching
Contact author(s)
maria naya plasencia @ gmail com
2011-09-12: last of 4 revisions
2011-03-31: received
See all versions
Short URL
Creative Commons Attribution


      author = {Mohamed Ahmed Abdelraheem and Céline Blondeau and María Naya-Plasencia and Marion Videau and Erik Zenner},
      title = {Cryptanalysis of ARMADILLO2},
      howpublished = {Cryptology ePrint Archive, Paper 2011/160},
      year = {2011},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.