Paper 2017/1136

Clustering Related-Tweak Characteristics: Application to MANTIS-6

Maria Eichlseder
Daniel Kales

The TWEAKEY/STK construction is an increasingly popular approach for designing tweakable block ciphers that notably uses a linear tweakey schedule. Several recent attacks have analyzed the implications of this approach for differential cryptanalysis and other attacks that can take advantage of related tweakeys. We generalize the clustering approach of a recent differential attack on the tweakable block cipher MANTIS-5 and describe a tool for efficiently finding and evaluating such clusters. More specifically, we consider the set of all differential characteristics compatible with a given truncated characteristic, tweak difference, and optional constraints for the differential. We refer to this set as a semi-truncated characteristic and estimate its probability by analyzing the distribution of compatible differences at each step. We apply this approach to find a semi-truncated differential characteristic for MANTIS-6 with probability about $2^{-67.73}$ and derive a key-recovery attack with a complexity of about $2^{53.94}$ chosen-plaintext queries and computations. The data-time product is $2^{107.88} \ll 2^{126}$.

Note: updated to published version

Available format(s)
Secret-key cryptography
Publication info
Published by the IACR in TOSC 2018
Truncated Differential CryptanalysisTWEAKEYMANTIS
Contact author(s)
maria eichlseder @ iaik tugraz at
2024-06-07: revised
2017-11-27: received
See all versions
Short URL
Creative Commons Attribution


      author = {Maria Eichlseder and Daniel Kales},
      title = {Clustering Related-Tweak Characteristics: Application to {MANTIS}-6},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1136},
      year = {2017},
      doi = {10.13154/tosc.v2018.i2.111-132},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.