Cryptology ePrint Archive: Report 2019/447

Practical Key-recovery Attacks on Round-Reduced Ketje Jr, Xoodoo-AE and Xoodyak

Haibo Zhou and Zheng Li and Xiaoyang Dong and Keting Jia and Willi Meier

Abstract: The conditional cube attack was proposed by Huang et al. at EUROCRYPT 2017 to attack Keccak keyed mode. Inspired by the dynamic cube attack, they reduce the degree by appending key bit conditions on the initial value (IV). Recently, Li et al. proposed new conditional cube attacks on Keccak keyed mode with extremely small degrees of freedom. In this paper, we find a new property of Li et al.'s method, modify the new conditional cube attack for lightweight encryption algorithms using an 8-2-2 pattern, and apply it to 5-round Ketje Jr, 6-round Xoodoo-AE and Xoodyak, where Ketje Jr is among the 3rd round CAESAR competition candidates and Xoodyak is a Round 1 submission of the ongoing NIST lightweight cryptography project. Then we give the updated conditional cube attack analysis. All our results are of practical time complexity with negligible memory cost, and our test code is given in this paper. Notably, it is the first third-party cryptanalysis result for Xoodyak.

Category / Keywords: secret-key cryptography / Conditional Cube Attack, Keccak, Ketje Jr, Xoodoo, Xoodyak

Date: received 2 May 2019, last revised 8 May 2019

Contact author: zhouhaibo at mail sdu edu cn, xiaoyangdong@tsinghua edu cn, willi meier@fhnw ch


Version: 20190509:004340 (All versions of this report)

Short URL: ia.cr/2019/447

