## Cryptology ePrint Archive: Report 2019/951

Collisions on Feistel-MiMC and univariate GMiMC

Xavier Bonnetain

Abstract: MiMC and GMiMC are families of MPC-friendly block ciphers and hash functions. In this note, we show that the block ciphers MiMC-$2n/n$ (or Feistel-MiMC) and univariate GMiMC are vulnerable to an attack which allows a key recovery in $2^{n/2}$ operations. This attack, which is reminiscent of a slide attack, only relies on their weak key schedules, and is independent of the round function ($x^3$ here) and the number of rounds.

Category / Keywords: secret-key cryptography / MiMC, MPC, symmetric cryptanalysis