Paper 2020/1032

Cryptanalysis of the MALICIOUS Framework

Tim Beyne and Chaoyun Li


This note describes several attacks on the MALICIOUS framework for creating backdoored tweakable block ciphers. It is shown that, although the embedded malicious tweak pair itself is hard to recover, it is feasible to find additional weak tweak pairs that can be used to mount key-recovery attacks. Full-round attacks on most instances of LowMC-M are given. Our attacks are far from optimized and significant future improvements are to be expected. We focus on low-data attacks, since these are the most relevant for typical use-cases of LowMC. In addition, this implies that our attacks cannot be prevented by limiting the amount of data that can be encrypted using the weak tweak pair. Despite our findings, we believe that the MALICIOUS framework can be used to create backdoored variants of LowMC provided that the parameters are modified.

Note: Correction to the differential-linear key-recovery attack.

Category: Secret-key cryptography

Publication info: Preprint. MINOR revision.

Contact author(s):
tim beyne @ esat kuleuven be
chaoyun li @ esat kuleuven be

History:
2020-08-30: last of 2 revisions
2020-08-27: received

License: Creative Commons Attribution


BibTeX

@misc{cryptoeprint:2020/1032,
      author = {Tim Beyne and Chaoyun Li},
      title = {Cryptanalysis of the {MALICIOUS} Framework},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1032},
      year = {2020},
      note = {\url{}},
      url = {}
}