Paper 2019/170

Key-dependent cube attack on reduced Frit permutation in Duplex-AE modes

Lingyue Qin, Xiaoyang Dong, Keting Jia, and Rui Zong


Frit is a new lightweight 384-bit cryptographic permutation proposed by Simon et al., which is designed to resist fault injection and performs competitively in both hardware and software. Dobraunig et al. first studied Frit in an EM construction and left as an open problem the security of Frit in sponge or duplex modes. In this paper, by introducing a new key-dependent cube attack method, we partially answer the open question of Dobraunig et al. and give some key-recovery attacks on round-reduced Frit used in duplex authenticated encryption mode (Frit-AE). Our results cover all the versions of Frit-AE and include some practical key-recovery attacks that can recover the key within several minutes.

Publication info
Published elsewhere. Major revision. SCIENCE CHINA Information Sciences
Keywords
Frit, Duplex authenticated encryption mode, Key-dependent cube attack, Key-recovery, Permutation-based cryptology
Contact author(s)
qly17 @ mails tsinghua edu cn
2019-02-20: received
Creative Commons Attribution


      author = {Lingyue Qin and Xiaoyang Dong and Keting Jia and Rui Zong},
      title = {Key-dependent cube attack on reduced Frit permutation in Duplex-AE modes},
      howpublished = {Cryptology ePrint Archive, Paper 2019/170},
      year = {2019},
      note = {\url{}},
      url = {}