### Key Recovery Attack against 2.5-round pi-Cipher

Christina Boura, Avik Chakraborti, Gaëtan Leurent, Goutam Paul, Dhiman Saha, Hadi Soleimany, and Valentin Suder

##### Abstract

In this paper, we propose a guess-and-determine attack against some variants of the π-Cipher family of authenticated ciphers. This family of ciphers is a second-round candidate of the CAESAR competition. More precisely, we show a key recovery attack with time complexity a little higher than 2^{4ω}, and low data complexity, against variants of the cipher with ω-bit words, when the internal permutation is reduced to 2.5 rounds. In particular, this gives an attack with time complexity 2^72 against the variant π16-Cipher096 (using 16-bit words) reduced to 2.5 rounds, while the authors claim 96 bits of security with 3 rounds in their second-round submission. Therefore, the security margin for this variant of π-Cipher is very limited. The attack can also be applied to lightweight variants that are not included in the CAESAR proposal and use only two rounds. The lightweight variants π16-Cipher096 and π16-Cipher128 claim 96 bits and 128 bits of security respectively, but our attack can break the full 2 rounds with complexity 2^72. Finally, the attack can be applied to reduced versions of two more variants of π-Cipher that were proposed in the first-round submission with 4 rounds: π16-Cipher128 (using 16-bit words) and π32-Cipher256 (using 32-bit words). The attack on 2.5 rounds has complexity 2^72 and 2^137 respectively, while the security claims for 4 rounds are 128 bits and 256 bits of security.

Category: Secret-key cryptography

Contact author(s): xristina mpoura @ gmail com

Short URL: https://ia.cr/2016/502

CC BY

BibTeX

@misc{cryptoeprint:2016/502,
author = {Christina Boura and Avik Chakraborti and Gaëtan Leurent and Goutam Paul and Dhiman Saha and Hadi Soleimany and Valentin Suder},
title = {Key Recovery Attack against 2.5-round pi-Cipher},
howpublished = {Cryptology ePrint Archive, Paper 2016/502},
year = {2016},
note = {\url{https://eprint.iacr.org/2016/502}},
url = {https://eprint.iacr.org/2016/502}
}
