Paper 2015/1165

Meet-in-the-Middle Attacks on Reduced-Round Midori-64

Li Lin and Wenling Wu

Abstract

Midori is a lightweight block cipher designed by Banik et al. at ASIACRYPT 2015. One version of Midori uses a 64-bit state, another uses a 128-bit state and we denote these versions Midori-64 and Midori-128. Each of these versions uses a 128-bit key. In this paper, we focus on the key-recovery attacks on reduced-round Midori-64 with meet-in-the-middle method. We use the differential enumeration technique and key-dependent sieve technique which are popular to analyze AES to attack Midori-64. We propose a 6-round distinguisher, and achieve a 10-round attack with time complexity of 2^{99.5} 10-round Midori-64 encryptions, data complexity of 2^{61.5} chosen-plaintexts and memory complexity of 2^{92.7} 64-bit blocks. After that, by adding one round at the end, we get an 11-round attack with time complexity of 2^{122} 11-round Midori-64 encryptions, data complexity of 2^{53} chosen-plaintexts and memory complexity of 2^{89.2} 64-bit blocks. Finally, with a 7-round distinguisher, we get an attack on 12-round Midori-64 with time complexity of 2^{125.5} 12-round Midori-64 encryptions, data complexity of 2^{55.5} chosen-plaintexts and memory complexity of 2^{106} 64-bit blocks. To the best of our knowledge, this is recently the best attack on Midori-64.