Cryptology ePrint Archive: Report 2015/418

Optimized Interpolation Attacks on LowMC

Itai Dinur and Yunwen Liu and Willi Meier and Qingju Wang

Abstract: LowMC is a collection of block cipher families introduced at Eurocrypt 2015 by Albrecht et al. Its design is optimized for instantiations of multi-party computation, fully homomorphic encryption, and zero-knowledge proofs. A unique feature of LowMC is that its internal affine layers are chosen at random, and thus each block cipher family contains a huge number of instances. The Eurocrypt paper proposed two specific block cipher families of LowMC, having 80-bit and 128-bit keys.

In this paper, we mount interpolation attacks (algebraic attacks introduced by Jakobsen and Knudsen) on LowMC, and show that a practically significant fraction of $2^{-38}$ of its 80-bit key instances could be broken $2^{23}$ times faster than exhaustive search. Moreover, essentially all instances that are claimed to provide 128-bit security could be broken about $1000$ times faster. In order to obtain these results, we had to develop novel techniques and optimize the original interpolation attack in new ways. While some of our new techniques exploit specific internal properties of LowMC, others are more generic and could be applied, in principle, to any block cipher.

Category / Keywords: secret-key cryptography / Block cipher, LowMC, high-order differential cryptanalysis, interpolation attack.

Date: received 3 May 2015, last revised 4 May 2015

Contact author: dinur at di ens fr

Available format(s): PDF | BibTeX Citation

Version: 20150505:191920 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]