Paper 2014/425

Note of Multidimensional MITM Attack on 25-Round TWINE-128

Long Wen, Meiqin Wang, Andrey Bogdanov, and Huaifeng Chen


TWINE is a lightweight block cipher proposed in SAC 2012 by Suzaki et al. TWINE operates on 64-bit block and supports 80 or 128-bit key, denoted as TWINE-80 and TWINE-128 respectively. TWINE has attracted some attention since its publication and its security has been analyzed against several cryptanalytic techniques in both single-key and related-key settings. In the single-key setting, the best attack so far is reported by Boztaş et al. at LightSec'13, where a splice-and-cut attack on 21-round TWINE-128 and a multidimensional meet-in-the-middle (MITM) attack on 25-round TWINE-128 are presented. Yet, the evaluation of the time complexity of the multidimensional MITM attack on 25-round TWINE-128 is somehow controversial in the way we understand. We here describe the attack in detail and explains our concerns about the time complexity of the attack. And it turns out that the multidimensional MITM attack on 25-round TWINE-128 may have a time complexity higher than exhaustive search.

Available format(s)
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Block CiphersCryptanalysisTWINEMultidimensional MITM Attack
Contact author(s)
longwen6 @ gmail com
2014-06-06: received
Short URL
Creative Commons Attribution


      author = {Long Wen and Meiqin Wang and Andrey Bogdanov and Huaifeng Chen},
      title = {Note of Multidimensional MITM Attack on 25-Round TWINE-128},
      howpublished = {Cryptology ePrint Archive, Paper 2014/425},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.