Rotational Cryptanalysis on MAC Algorithm Chaskey

Liliya Kraleva; Tomer Ashur; Vincent Rijmen

Paper 2020/538

Rotational Cryptanalysis on MAC Algorithm Chaskey

Liliya Kraleva, Tomer Ashur, and Vincent Rijmen

Abstract

In this paper we analyse the algorithm Chaskey - a lightweight MAC algorithm for 32-bit micro controllers - with respect to rotational cryptanalysis. We perform a related-key attack over Chaskey and find a distinguisher by using rotational probabilities. Having a message $m$ we can forge and present a valid tag for some message under a related key with probability $2^{- 57}$ for 8 rounds and $2^{- 86}$ for all 12 rounds of the permutation for keys in a defined weak-key class. This attack can be extended to full key recovery with complexity $2^{120}$ for the full number of rounds. To our knowledge this is the first published attack targeting all 12 rounds of the algorithm. Additionally, we generalize the Markov theory with respect to a relation between two plaintexts and not their difference and apply it for rotational pairs.

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Published elsewhere. 18th International Conference on Applied Cryptography and Network Security (ACNS20)
Keywords: Rotational Cryptanalysis Lightweight ARX Chaskey Markov Theory
Contact author(s): lkraleva @ esat kuleuven be
History: 2020-05-07: received
Short URL: https://ia.cr/2020/538
License: CC BY

BibTeX

@misc{cryptoeprint:2020/538,
      author = {Liliya Kraleva and Tomer Ashur and Vincent Rijmen},
      title = {Rotational Cryptanalysis on {MAC} Algorithm Chaskey},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/538},
      year = {2020},
      url = {https://eprint.iacr.org/2020/538}
}