Paper 2019/951

Collisions on Feistel-MiMC and univariate GMiMC

Xavier Bonnetain

Abstract

MiMC and GMiMC are families of MPC-friendly block ciphers and hash functions. In this note, we show that the block ciphers MiMC-$2n/n$ (or Feistel-MiMC) and univariate GMiMC are vulnerable to an attack which allows a key recovery in $2^{n/2}$ operations. This attack, which is reminiscent of a slide attack, only relies on their weak key schedules, and is independent of the round function ($x^3$ here) and the number of rounds.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. Minor revision.
Keywords
MiMCMPCsymmetric cryptanalysis
Contact author(s)
xavier bonnetain @ inria fr
History
2019-08-21: received
Short URL
https://ia.cr/2019/951
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/951,
      author = {Xavier Bonnetain},
      title = {Collisions on Feistel-MiMC and univariate GMiMC},
      howpublished = {Cryptology ePrint Archive, Paper 2019/951},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/951}},
      url = {https://eprint.iacr.org/2019/951}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.