Paper 2016/722

Improved Meet-in-the-Middle Attacks on Reduced-Round Kalyna-128/256 and Kalyna-256/512

Li Lin and Wenling Wu


Kalyna is an SPN-based block cipher that was selected during Ukrainian National Public Cryptographic Competition (2007-2010) and its slight modification was approved as the new encryption standard of Ukraine. In this paper, we focus on the key-recovery attacks on reduced-round Kalyna-128/256 and Kalyna-256/512 with meet-in-the-middle method. The differential enumeration technique and key-dependent sieve technique which are popular to analyze AES are used to attack them. Using the key-dependent sieve technique to improve the complexity is not an easy task, we should build some tables to achieve this. Since the encryption procedure of Kalyna employs a pre- and post-whitening operations using addition modulo $2^{64}$ applied on the state columns independently, we carefully study the propagation of this operation and propose an addition plaintext structure to solve this. For Kalyna-128/256, we propose a 6-round distinguisher, and achieve a 9-round (out of total 14-round) attack. For Kalyna-256/512, we propose a 7-round distinguisher, then achieve an 11-round (out of total 18-round) attack. As far as we know, these are currently the best results on Kalyna-128/256 and Kalyna-256/512.

Available format(s)
Secret-key cryptography
Publication info
Preprint. Minor revision.
Block CipherKalynaMeet-in-the-Middle AttackDifferential Enumeration TechniqueKey-Bridging Technique
Contact author(s)
linli @ tca iscas ac cn
wwl @ tca iscas ac cn
2016-07-21: received
Short URL
Creative Commons Attribution


      author = {Li Lin and Wenling Wu},
      title = {Improved Meet-in-the-Middle Attacks on Reduced-Round  Kalyna-128/256 and Kalyna-256/512},
      howpublished = {Cryptology ePrint Archive, Paper 2016/722},
      year = {2016},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.