Cryptology ePrint Archive: Report 2020/309

Cryptanalysis Results on Spook

Patrick Derbez and Paul Huynh and Virginie Lallemand and María Naya-Plasencia and Léo Perrin and André Schrottenloher

Abstract: Spook is one of the 32 candidates that have made it to the second round of the NIST Lightweight Cryptography Standardization process, and is particularly interesting since it proposes differential side-channel resistance. In this paper, we present practical distinguishers of the full 6-step version of the underlying permutations of Spook, namely Shadow-512 and Shadow-384, solving challenges proposed by the designers on the permutation. We also propose practical forgeries with 4-step Shadow for the S1P mode of operation in the nonce misuse scenario, which is allowed by the CIML2 security game considered by the authors. All the results presented in this paper have been implemented.

Category / Keywords: secret-key cryptography / dedicated cryptanalysis, differential attacks, implemented attacks, Spook, round constants, lightweight primitives, distinguisher, forgery

Original Publication (in the same form): IACR-CRYPTO-2020

Date: received 11 Mar 2020, last revised 8 Jun 2020

Contact author: patrick derbez at irisa fr, paul huynh@loria fr, virginie lallemand@loria fr, maria naya_plasencia@inria fr, leo perrin@inria fr, andre schrottenloher@inria fr


Version: 20200608:120130

Short URL: ia.cr/2020/309

