Paper 2015/160

Differential-Linear Cryptanalysis of ICEPOLE

Tao Huang, Ivan Tjuawinata, and Hongjun Wu

Abstract

ICEPOLE is a CAESAR candidate with the intermediate level of robustness under nonce misuse circumstances in the original document. In particular, it was claimed that key recovery attack against ICEPOLE is impossible in the case of nonce misuse. ICEPOLE is strong against the differential cryptanalysis and linear cryptanalysis. In this paper, we developed the differential-linear attacks against ICEPOLE when nonce is misused. Our attacks show that the state of ICEPOLE-128 and ICEPOLE-128a can be recovered with data complexity $2^{46}$ and time complexity $2^{46}$; the state of ICEPOLE-256a can be recovered with data complexity $2^{60}$ and time complexity $2^{60}$. For ICEPOLE-128a and ICEPOLE-256a, the secret key is recovered once the state is recovered. We experimentally verified the attacks against ICEPOLE-128 and ICEPOLE-128a.

Metadata
Available format(s)
PDF
Publication info
Published by the IACR in FSE 2015
Keywords
ICEPOLEAuthenticated cipherCAESARDifferential-linear cryptanalysis
Contact author(s)
huangtao @ ntu edu sg
History
2015-02-27: received
Short URL
https://ia.cr/2015/160
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2015/160,
      author = {Tao Huang and Ivan Tjuawinata and Hongjun Wu},
      title = {Differential-Linear Cryptanalysis of ICEPOLE},
      howpublished = {Cryptology ePrint Archive, Paper 2015/160},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/160}},
      url = {https://eprint.iacr.org/2015/160}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.