Paper 2019/727

Iterative Differential Characteristic of TRIFLE-BC

Fukang Liu and Takanori Isobe

Abstract

TRIFLE is a Round 1 candidate of the NIST Lightweight Cryptography Standardization process. In this paper, we present an interesting 1-round iterative differential characteristic of the underlying block cipher TRIFLE-BC used in TRIFLE, which holds with probability of 23. Consequently, it allows to mount distinguishing attack on TRIFLE-BC for up to 43 (out of 50) rounds with data complexity 2124 and time complexity 2124. Most importantly, with such an iterative differential characteristic, the forgery attack on TRIFLE can reach up to 21 (out of 50) rounds with data complexity 263 and time complexity 263. Finally, to achieve key recovery attack on reduced TRIFLE, we construct a differential characteristic covering three blocks by carefully choosing the positions of the iterative differential characteristic. As a result, we can mount key-recovery attack on TRIFLE for up to 11 rounds with data complexity and time complexity . Although the result in this paper cannot threaten the security margin of TRIFLE, we hope it can help further understand the security of TRIFLE.

Note: Correct some editorial mistakes.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. SAC 2019
Keywords
AEADTRIFLEdifferential attackdistinguisherforgery
Contact author(s)
liufukangs @ 163 com
takanori isobe @ ai u-hyogo ac jp
History
2019-07-09: revised
2019-06-20: received
See all versions
Short URL
https://ia.cr/2019/727
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/727,
      author = {Fukang Liu and Takanori Isobe},
      title = {Iterative Differential Characteristic of {TRIFLE}-{BC}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/727},
      year = {2019},
      url = {https://eprint.iacr.org/2019/727}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.