## Cryptology ePrint Archive: Report 2020/538

Rotational Cryptanalysis on MAC Algorithm Chaskey

Liliya Kraleva and Tomer Ashur and Vincent Rijmen

Abstract: In this paper we analyse the algorithm Chaskey - a lightweight MAC algorithm for 32-bit micro controllers - with respect to rotational cryptanalysis. We perform a related-key attack over Chaskey and find a distinguisher by using rotational probabilities. Having a message $m$ we can forge and present a valid tag for some message under a related key with probability $2^{-57}$ for 8 rounds and $2^{-86}$ for all 12 rounds of the permutation for keys in a defined weak-key class. This attack can be extended to full key recovery with complexity $2^{120}$ for the full number of rounds. To our knowledge this is the first published attack targeting all 12 rounds of the algorithm. Additionally, we generalize the Markov theory with respect to a relation between two plaintexts and not their difference and apply it for rotational pairs.

Category / Keywords: secret-key cryptography / Rotational Cryptanalysis, Lightweight, ARX , Chaskey, Markov Theory

Original Publication (in the same form): 18th International Conference on Applied Cryptography and Network Security (ACNS20)