Paper 2020/538

Rotational Cryptanalysis on MAC Algorithm Chaskey

Liliya Kraleva, Tomer Ashur, and Vincent Rijmen


In this paper we analyse the algorithm Chaskey - a lightweight MAC algorithm for 32-bit micro controllers - with respect to rotational cryptanalysis. We perform a related-key attack over Chaskey and find a distinguisher by using rotational probabilities. Having a message $m$ we can forge and present a valid tag for some message under a related key with probability $2^{-57}$ for 8 rounds and $2^{-86}$ for all 12 rounds of the permutation for keys in a defined weak-key class. This attack can be extended to full key recovery with complexity $2^{120}$ for the full number of rounds. To our knowledge this is the first published attack targeting all 12 rounds of the algorithm. Additionally, we generalize the Markov theory with respect to a relation between two plaintexts and not their difference and apply it for rotational pairs.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. 18th International Conference on Applied Cryptography and Network Security (ACNS20)
Rotational CryptanalysisLightweightARXChaskeyMarkov Theory
Contact author(s)
lkraleva @ esat kuleuven be
2020-05-07: received
Short URL
Creative Commons Attribution


      author = {Liliya Kraleva and Tomer Ashur and Vincent Rijmen},
      title = {Rotational Cryptanalysis on MAC Algorithm Chaskey},
      howpublished = {Cryptology ePrint Archive, Paper 2020/538},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.