Cryptology ePrint Archive: Report 2018/334

Impossible Differential Attack on QARMA Family of Block Ciphers

Dong Yang and Wen-feng Qi and Hua-jin Chen

Abstract: QARMA is a family of lightweight tweakable block ciphers, which is used to support a software protection feature in the ARMv8 architecture. In this paper, we study the security of QARMA family against the impossible differential attack. First, we generalize the concept of truncated difference. Then, based on the generalized truncated difference, we construct the first 6-round impossible differential dinstinguisher of QARMA. Using the 6-round distinguisher and the time-and-memory trade-off technique, we present 10-round impossible differential attack on QARMA. This attack requires $2^{119.3}$ (resp. $2^{237.3}$) encryption units, $2^{61}$ (resp. $2^{122}$) chosen plaintext and $2^{72}$ 72-bit (resp. $2^{144}$ 144-bit) space for QARMA-64 (resp. QARMA-128). Further, if allowed with higher memory complexity (about $2^{116}$ 120-bit and $2^{232}$ 240-bit space for QARMA-64 and QARMA-128, respectively), our attack can break up 11 rounds of QARMA. To the best of our knowledge, these results are currently the best results with respect to attacked rounds.

Category / Keywords: secret-key cryptography / impossible differential attack, truncated differential, QARMA