### Impossible Differential Cryptanalysis on Deoxys-BC-256

##### Abstract

Deoxys is a third-round candidate of the CAESAR competition. This paper presents the first impossible differential cryptanalysis of Deoxys-BC-256 which is used in Deoxys as an internal tweakable block cipher. First, we find a 4.5-round ID characteristic by utilizing a miss-in-the-middle-approach. We then present several cryptanalyses based upon the 4.5 rounds distinguisher against round-reduced Deoxys-BC-256 in both single-key and related-key settings. Our contributions include impossible differential attacks on up to 8-rounds Deoxys-BC-256 in the tweak-key model which is, to the best of our knowledge, the first independent investigation of the security of Deoxys-BC-256 in the single-key model. Our attack reaches 9 rounds in the related-key related-tweak model which has a slightly higher data complexity than the best previous results obtained by a rectangle attack presented at FSE 2018 but requires a lower memory complexity with an equal time complexity.

Available format(s)
Category
Secret-key cryptography
Publication info
Published elsewhere. The ISC International Journal of Information Security
Keywords
authenticated encryptionblock cipherDeoxys-BCrelated- tweakrelated-keyimpossible differential cryptanalysis.
Contact author(s)
a mehrdad @ mail sbu ac ir
History
2018-08-08: revised
See all versions
Short URL
https://ia.cr/2018/048

CC BY

BibTeX

@misc{cryptoeprint:2018/048,