Paper 2016/732

Nonlinear Invariant Attack --Practical Attack on Full SCREAM, iSCREAM, and Midori64

Yosuke Todo, Gregor Leander, and Yu Sasaki

Abstract

In this paper we introduce a new type of attack, called nonlinear invariant attack. As application examples, we present new attacks that are able to distinguish the full versions of the (tweakable) block ciphers Scream, iScream and Midori64 in a weak-key setting. Those attacks require only a handful of plaintext-ciphertext pairs and have minimal computational costs. Moreover, the nonlinear invariant attack on the underlying (tweakable) block cipher can be extended to a ciphertext-only attack in well-known modes of operation such as CBC or CTR. The plaintext of the authenticated encryption schemes SCREAM and iSCREAM can be practically recovered only from the ciphertexts in the nonce-respecting setting. This is the first result breaking a security claim of SCREAM. Moreover, the plaintext in Midori64 with well-known modes of operation can practically be recovered. All of our attacks are experimentally verified.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A minor revision of an IACR publication in ASIACRYPT 2016
Keywords
Nonlinear invariant attack, Boolean function, SCREAM, iSCREAM, Midori64, CAESAR competition
Contact author(s)
todo yosuke @ lab ntt co jp
History
2016-09-26: last of 2 revisions
2016-07-28: received
Short URL
https://ia.cr/2016/732
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/732,
      author = {Yosuke Todo and Gregor Leander and Yu Sasaki},
      title = {Nonlinear Invariant Attack --Practical Attack on Full SCREAM, iSCREAM, and Midori64},
      howpublished = {Cryptology ePrint Archive, Paper 2016/732},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/732}},
      url = {https://eprint.iacr.org/2016/732}
}