Paper 2017/1026

Cube Attack against Full Kravatte

Jian Guo and Ling Song


This note analyzes the security of Kravatte against the cube attack. We present an analysis that recovers the master key of the current version of full Kravatte with data and time complexities of $2^{136.01}$ and negligible memory. The same analysis can be applied to the first version of Kravatte with complexities of $2^{38.04}$, which could be carried out in practice. These results are possible thanks to a clever way of constructing affine spaces bypassing the first permutation layer of Kravatte proposed by the designers and a simple yet efficient way to invert the last S-box layer in Kravatte.

Note: The note has been merged and published in the paper entitled "Key-Recovery Attacks on Full Kravatte" at ToSC 2018 Issue 1.

