Paper 2018/680
Related-Tweakey Impossible Differential Attack on Reduced-Round Deoxys-BC-256
Rui Zong, Xiaoyang Dong, and Xiaoyun Wang
Abstract
Deoxys-BC is the internal tweakable block cipher of Deoxys, a third-round authenticated encryption candidate at the CAESAR competition. In this study, by carefully studying the tweakey schedule, we obtain a six-round related-tweakey impossible distinguisher of Deoxys-BC-256, which is transformed from a 3.5-round single-key impossible distinguisher of AES by application of the mixed integer linear programming (MILP) method. We present a detailed description of this transformation method and of the MILP-modeling process. Based on this distinguisher, we mount a key-recovery attack on 10 (out of 14) rounds of Deoxys-BC-256. Compared to previous results, which are valid only when the key size is $>204$ bits and the tweak size is $<52$ bits, our method can attack 10-round Deoxys-BC-256 as long as the key size is $\geq174$ bits and the tweak size is $\leq82$ bits. For the popular setting in which the key size is 192 bits, we can attack one round more than previous works. This version gives the distinguisher and the attack differential following the description of the $h$ permutation in the Deoxys document, rather than the one in the Deoxys reference implementation in the SUPERCOP package, which the designers have confirmed to be wrong. Note that this work only gives a more accurate security evaluation and does not threaten the security of full-round Deoxys-BC-256.
Metadata
- Publication info
- Published elsewhere. Major revision. SCIENCE CHINA Information Sciences
- DOI
- 10.1007/s11432-017-9382-2
- Keywords
- related-tweakey impossible differential attack, tweakable block cipher, Deoxys-BC-256, tweakey schedule, MILP
- Contact author(s)
- zongrui3 @ 163 com
- History
- 2018-09-06: revised
- 2018-07-16: received
- Short URL
- https://ia.cr/2018/680
- License
- CC BY
BibTeX
@misc{cryptoeprint:2018/680,
  author       = {Rui Zong and Xiaoyang Dong and Xiaoyun Wang},
  title        = {Related-Tweakey Impossible Differential Attack on Reduced-Round Deoxys-{BC}-256},
  howpublished = {Cryptology {ePrint} Archive, Paper 2018/680},
  year         = {2018},
  doi          = {10.1007/s11432-017-9382-2},
  url          = {https://eprint.iacr.org/2018/680}
}