Cryptology ePrint Archive: Report 2020/1032

Cryptanalysis of the MALICIOUS Framework

Tim Beyne and Chaoyun Li

Abstract: This note describes several attacks on the MALICIOUS framework for creating backdoored tweakable block ciphers. It is shown that, although the embedded malicious tweak pair itself is hard to recover, it is feasible to find additional weak tweak pairs that can be used to mount key-recovery attacks. Full-round attacks on most instances of LowMC-M are given. Our attacks are far from optimized and significant future improvements are to be expected.

We focus on low-data attacks, since these are the most relevant for typical use-cases of LowMC. In addition, this implies that our attacks cannot be prevented by limiting the amount of data that can be encrypted using the weak tweak pair.

Despite our findings, we believe that the MALICIOUS framework can be used to create backdoored variants of LowMC provided that the parameters are modified.

Category / Keywords: secret-key cryptography / Backdoor, Cryptanalysis, LowMC-M

Date: received 26 Aug 2020, last revised 30 Aug 2020

Contact author: tim beyne at esat kuleuven be, chaoyun li at esat kuleuven be


Note: Correction to the differential-linear key-recovery attack.

Version: 20200830:124040

Short URL: ia.cr/2020/1032
