Paper 2018/799

Finding Ordinary Cube Variables for Keccak-MAC with Greedy Algorithm

Fukang Liu, Zhenfu Cao, and Gaoli Wang


In this paper, we introduce an alternative method to find ordinary cube variables for Keccak-MAC by making full use of the key-independent bit conditions. First, we select some potential candidates for ordinary cube variables by properly adding key-independent bit conditions, which do not multiply with the chosen conditional cube variables in the first two rounds. Then, we carefully determine the ordinary cube variables from the candidates to establish the conditional cube tester. Finally, based on our new method to recover the 128-bit key, the conditional cube attack on 7-round Keccak-MAC-128/256/384 is improved to $2^{71}$ and 6-round Keccak-MAC-512 can be attacked with at most $2^{40}$ calls to 6-round Keccak internal permutation. It should be emphasized that our new approach does not require sophisticated modeling. As far as we know, it is the first time to clearly reveal how to utilize the key-independent bit conditions to select ordinary cube variables for Keccak-MAC.

Note: This is the IWSEC 2019 version.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. IWSEC 2019
hash functionKeccakKeccak-MACordinary cube variablesconditional cube attack
Contact author(s)
liufukangs @ 163 com
2019-05-30: last of 12 revisions
2018-09-01: received
See all versions
Short URL
Creative Commons Attribution


      author = {Fukang Liu and Zhenfu Cao and Gaoli Wang},
      title = {Finding Ordinary Cube Variables for Keccak-MAC with Greedy Algorithm},
      howpublished = {Cryptology ePrint Archive, Paper 2018/799},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.