Paper 2020/538

Rotational Cryptanalysis on MAC Algorithm Chaskey

Liliya Kraleva, Tomer Ashur, and Vincent Rijmen

Abstract

In this paper we analyse the algorithm Chaskey - a lightweight MAC algorithm for 32-bit micro controllers - with respect to rotational cryptanalysis. We perform a related-key attack over Chaskey and find a distinguisher by using rotational probabilities. Having a message $m$ we can forge and present a valid tag for some message under a related key with probability $2^{-57}$ for 8 rounds and $2^{-86}$ for all 12 rounds of the permutation for keys in a defined weak-key class. This attack can be extended to full key recovery with complexity $2^{120}$ for the full number of rounds. To our knowledge this is the first published attack targeting all 12 rounds of the algorithm. Additionally, we generalize the Markov theory with respect to a relation between two plaintexts and not their difference and apply it for rotational pairs.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. 18th International Conference on Applied Cryptography and Network Security (ACNS20)
Keywords
Rotational CryptanalysisLightweightARXChaskeyMarkov Theory
Contact author(s)
lkraleva @ esat kuleuven be
History
2020-05-07: received
Short URL
https://ia.cr/2020/538
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/538,
      author = {Liliya Kraleva and Tomer Ashur and Vincent Rijmen},
      title = {Rotational Cryptanalysis on MAC Algorithm Chaskey},
      howpublished = {Cryptology ePrint Archive, Paper 2020/538},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/538}},
      url = {https://eprint.iacr.org/2020/538}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.