eprint.iacr.org will be offline for approximately an hour for routine maintenance again at 10pm UTC on Wednesday, April 17.

Paper 2015/1227

Single Key Recovery Attacks on 9-round Kalyna-128/256 and Kalyna-256/512

Akshima, Donghoon Chang, Mohona Ghosh, Aarushi Goel, and Somitra Kumar Sanadhya


The Kalyna block cipher has recently been established as the Ukranian encryption standard in June, 2015. It was selected in a Ukrainian National Public Cryptographic Competition running from 2007 to 2010. Kalyna supports block sizes and key lengths of 128, 256 and 512 bits. Denoting the variants of Kalyna as Kalyna-$b/k$, where $b$ denotes the block size and $k$ denotes the keylength, the design specifies $k \in \{b, 2b\}$. In this work, we re-evaluate the security bound of some reduced round Kalyna variants, specifically Kalyna-$128/256$ and Kalyna-$256/512$ against key recovery attacks in the single key model. We first construct new 6-round distinguishers and then use these distinguishers to demonstrate 9-round attacks on these Kalyna variants. These attacks improve the previous best 7-round attacks on the same.\\ Our 9-round attack on Kalyna-128/256 has data, time and memory complexity of $2^{105}$, $2^{245.83}$ and $2^{226.86}$ respectively. For our 9-round attack on Kalyna-256/512, the data/time/memory complexities are $2^{217}$, $2^{477.83}$ and $2^{443.45}$ respectively. The time and data complexities for Kalyna-256/512 reported in this work improve upon the previous best 7-round attack complexities on the same. The attacks presented in this work are currently the best on Kalyna. We apply multiset attack - a variant of meet-in-the-middle attack to achieve these results.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Major revision. ICISC 2015
Block cipherKalynaKey RecoveryDifferential enumerationSingle key model
Contact author(s)
aarushi12003 @ iiitd ac in
2015-12-23: received
Short URL
Creative Commons Attribution


      author = {Akshima and Donghoon Chang and Mohona Ghosh and Aarushi Goel and Somitra Kumar Sanadhya},
      title = {Single Key Recovery Attacks on 9-round Kalyna-128/256 and Kalyna-256/512},
      howpublished = {Cryptology ePrint Archive, Paper 2015/1227},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/1227}},
      url = {https://eprint.iacr.org/2015/1227}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.