Cryptology ePrint Archive: Report 2017/1136

Clustering Related-Tweak Characteristics: Application to MANTIS-6

Maria Eichlseder and Daniel Kales

Abstract: The TWEAKEY/STK construction is an increasingly popular approach for designing tweakable block ciphers that notably uses a linear tweakey schedule. Several recent attacks have analyzed the implications of this approach for differential cryptanalysis and other attacks that can take advantage of related tweakeys. We generalize the clustering approach of a recent differential attack on the tweakable block cipher MANTIS-5 and describe a tool for efficiently finding and evaluating such clusters. More specifically, we consider the set of all differential characteristics compatible with a given truncated characteristic, tweak difference, and optional constraints for the differential. We refer to this set as a semi-truncated characteristic and estimate its probability by analyzing the distribution of compatible differences at each step.

We apply this approach to find a semi-truncated differential characteristic for MANTIS-6 with probability about $2^{-67.73}$ and derive a key-recovery attack with a complexity of about $2^{53.94}$ chosen-plaintext queries and computations. The data-time product is $2^{107.88} \ll 2^{126}$.

Category / Keywords: secret-key cryptography / Truncated Differential Cryptanalysis, TWEAKEY, MANTIS

Date: received 23 Nov 2017, last revised 23 Nov 2017

Contact author: maria eichlseder at iaik tugraz at

Available format(s): PDF | BibTeX Citation

Version: 20171127:131813 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]