Cryptology ePrint Archive: Report 2017/286

Impossible Differential Attack on Midori128 Using Rebound-like Technique

Wenquan Bi and Zheng Li and Xiaoyang Dong and Xiaoyun Wang

Abstract: Midori is a family of lightweight block ciphers proposed by Banik et al. at ASIACRYPT 2015, and it is optimized with respect to the energy consumed by the circuit per bit in an encryption or decryption operation. Midori is based on a Substitution-Permutation Network and has two variants according to the state size, i.e. Midori64 and Midori128. It has attracted a lot of attention from cryptanalysts since its release. For Midori64, the first meet-in-the-middle attack was proposed by Lin and Wu and was recently published in ToSC 2017. The first impossible differential attack on Midori64 was presented by Chen et al., and Dong gave the first related-key differential attack. Guo et al. introduced an invariant space attack against full-round Midori64 in the weak-key setting, which was recently published in ToSC 2017. However, for Midori128, there is only one impossible differential cryptanalysis result, proposed by Chen et al. against 10-round reduced Midori128, and one related-key result by Gerault et al. at INDOCRYPT 2016. In this paper, we present a new impossible differential attack on Midori128 using a new impossible differential proposed by Sasaki et al. We achieve a 10-round impossible differential attack with time complexity $2^{111}$ and, finally, an 11-round impossible differential attack with time complexity $2^{126.94}$. This is the best single-key cryptanalytic result on Midori128 as far as we know. We should point out that our attacks do not threaten the security of full-round Midori128.

Category / Keywords: cryptanalysis, lightweight block cipher, impossible differential, Midori128, single-key attack

Date: received 27 Mar 2017, last revised 30 Mar 2017, withdrawn 15 Nov 2017

Contact author: biwenquan at mail sdu edu cn

Available format(s): (-- withdrawn --)

Version: 20171115:074846

Short URL: ia.cr/2017/286
