### Improved Meet-in-the-Middle Attacks on Reduced-Round Kalyna-128/256 and Kalyna-256/512

Li Lin and Wenling Wu

##### Abstract

Kalyna is an SPN-based block cipher that was selected during Ukrainian National Public Cryptographic Competition (2007-2010) and its slight modification was approved as the new encryption standard of Ukraine. In this paper, we focus on the key-recovery attacks on reduced-round Kalyna-128/256 and Kalyna-256/512 with meet-in-the-middle method. The differential enumeration technique and key-dependent sieve technique which are popular to analyze AES are used to attack them. Using the key-dependent sieve technique to improve the complexity is not an easy task, we should build some tables to achieve this. Since the encryption procedure of Kalyna employs a pre- and post-whitening operations using addition modulo $2^{64}$ applied on the state columns independently, we carefully study the propagation of this operation and propose an addition plaintext structure to solve this. For Kalyna-128/256, we propose a 6-round distinguisher, and achieve a 9-round (out of total 14-round) attack. For Kalyna-256/512, we propose a 7-round distinguisher, then achieve an 11-round (out of total 18-round) attack. As far as we know, these are currently the best results on Kalyna-128/256 and Kalyna-256/512.

Available format(s)
Category
Secret-key cryptography
Publication info
Preprint. Minor revision.
Keywords
Block CipherKalynaMeet-in-the-Middle AttackDifferential Enumeration TechniqueKey-Bridging Technique
Contact author(s)
linli @ tca iscas ac cn
wwl @ tca iscas ac cn
History
Short URL
https://ia.cr/2016/722

CC BY

BibTeX

@misc{cryptoeprint:2016/722,
author = {Li Lin and Wenling Wu},
title = {Improved Meet-in-the-Middle Attacks on Reduced-Round  Kalyna-128/256 and Kalyna-256/512},
howpublished = {Cryptology ePrint Archive, Paper 2016/722},
year = {2016},
note = {\url{https://eprint.iacr.org/2016/722}},
url = {https://eprint.iacr.org/2016/722}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.