Iterative Differential Characteristic of TRIFLE-BC

Fukang Liu; Takanori Isobe

Paper 2019/727

Iterative Differential Characteristic of TRIFLE-BC

Fukang Liu and Takanori Isobe

Abstract

TRIFLE is a Round 1 candidate of the NIST Lightweight Cryptography Standardization process. In this paper, we present an interesting 1-round iterative differential characteristic of the underlying block cipher TRIFLE-BC used in TRIFLE, which holds with probability of $2^{- 3}$ . Consequently, it allows to mount distinguishing attack on TRIFLE-BC for up to 43 (out of 50) rounds with data complexity $2^{124}$ and time complexity $2^{124}$ . Most importantly, with such an iterative differential characteristic, the forgery attack on TRIFLE can reach up to 21 (out of 50) rounds with data complexity $2^{63}$ and time complexity $2^{63}$ . Finally, to achieve key recovery attack on reduced TRIFLE, we construct a differential characteristic covering three blocks by carefully choosing the positions of the iterative differential characteristic. As a result, we can mount key-recovery attack on TRIFLE for up to 11 rounds with data complexity and time complexity . Although the result in this paper cannot threaten the security margin of TRIFLE, we hope it can help further understand the security of TRIFLE.

Note: Correct some editorial mistakes.

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Published elsewhere. Minor revision. SAC 2019
Keywords: AEAD TRIFLE differential attack distinguisher forgery
Contact author(s): liufukangs @ 163 com
takanori isobe @ ai u-hyogo ac jp
History: 2019-07-09: revised; 2019-06-20: received; See all versions
Short URL: https://ia.cr/2019/727
License: CC BY

BibTeX

@misc{cryptoeprint:2019/727,
      author = {Fukang Liu and Takanori Isobe},
      title = {Iterative Differential Characteristic of {TRIFLE}-{BC}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/727},
      year = {2019},
      url = {https://eprint.iacr.org/2019/727}
}