Paper 2017/1012

Conditional Cube Attack on Round-Reduced River Keyak

Wenquan Bi, Zheng Li, Xiaoyang Dong, Lu Li, and Xiaoyun Wang

Abstract

This paper evaluates the security level of River Keyak against cube-like attacks. River Keyak is the only lightweight scheme of the Keccak-permutation-based authenticated encryption cipher Keyak, which is one of the 16 survivors of the 3rd round of the CAESAR competition. Dinur et al. gave a seven-round cube-like attack on Lake Keyak (1600-bit) using the divide-and-conquer method at EUROCRYPT 2015, and Huang et al. then improved the result to 8 rounds using a new conditional cube attack at EUROCRYPT 2017. For River Keyak, however, the 800-bit state is so small that the equivalent key (256-bit capacity) occupies double lanes, so these attacks cannot be applied to River Keyak trivially. In this paper, we comprehensively explore the conditional cube attack on the small-state (800-bit) River Keyak. First, we find a new conditional cube variable that has much weaker diffusion than Huang et al.'s, which makes the conditional cube attack possible for the small-state (800-bit) River Keyak. Then we find enough cube variables for 6/7-round River Keyak and successfully launch key recovery attacks on 6/7-round River Keyak with time complexities $2^{33}$ and $2^{49}$, respectively. We also verify the 6- and 7-round attacks on a laptop. Finally, because it is complex to find enough cube variables for an 8-round attack on the 800-bit state, we use the linear structure technique with our new conditional cube variable to greatly increase the degrees of freedom and find more cube variables for conditional cube attacks. We then use the new variables found by this method to launch an 8-round conditional cube attack with time complexity $2^{81}$. These are the first cryptanalysis results on round-reduced River Keyak. Our attacks do not threaten the full-round (12) River Keyak.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Minor revision. Designs, Codes and Cryptography
Keywords
secret-key encryption
Contact author(s)
xiaoyangdong @ tsinghua edu cn
biwenquan @ 163 com
History
2017-10-18: received
Short URL
https://ia.cr/2017/1012
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/1012,
      author = {Wenquan Bi and Zheng Li and Xiaoyang Dong and Lu Li and Xiaoyun Wang},
      title = {Conditional Cube Attack on Round-Reduced River Keyak},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1012},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/1012}},
      url = {https://eprint.iacr.org/2017/1012}
}