Paper 2020/1045

On the Security Margin of TinyJAMBU with Refined Differential and Linear Cryptanalysis

Dhiman Saha, Yu Sasaki, Danping Shi, Ferdinand Sibleyras, Siwei Sun, and Yingjie Zhang


This paper presents the first third-party security analysis of \tinyjambu, which is one of 32 second-round candidates in NIST's lightweight cryptography standardization process. TinyJAMBU adopts an NLFSR based keyed-permutation that computes only a single NAND gate as a non-linear component per round. The designers evaluated the minimum number of active AND gates, however such a counting method neglects the dependency between multiple AND gates. There also exist previous works considering such dependencies with stricter models, however those are known to be too slow. In this paper, we present a new model that provides a good balance of efficiency and accuracy by only taking into account the first-order correlation of AND gates that frequently occurs in TinyJAMBU. With the refined model, we show a 338-round differential with probability $2^{-62.68}$ that leads to a forgery attack breaking 64-bit security. This implies that the security margin of TinyJAMBU with respect to the number of unattacked rounds is approximately 12%. We also show a differential on full 384 rounds with probability $2^{-70.64}$, thus the security margin of full rounds with respect to the data complexity, namely the gap between the claimed security bits and the attack complexity, is less than 8 bits. Our attacks also point out structural weaknesses of the mode that essentially come from the minimal state size to be lightweight.

Available format(s)
Secret-key cryptography
Publication info
Published by the IACR in FSE 2021
TinyJAMBUNIST Lightweight cryptographyAEADDifferentialLinearMILPModel
Contact author(s)
dhiman @ iitbhilai ac in
yu sasaki sk @ hco ntt co jp
shidanping @ iie ac cn
ferdinand sibleyras @ inria fr
siweisun isaac @ gmail com
sunsiwei @ iie ac cn
zhangyingjie @ iie ac cn
2020-08-31: received
Short URL
Creative Commons Attribution


      author = {Dhiman Saha and Yu Sasaki and Danping Shi and Ferdinand Sibleyras and Siwei Sun and Yingjie Zhang},
      title = {On the Security Margin of TinyJAMBU with Refined Differential and Linear Cryptanalysis},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1045},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.