Cryptology ePrint Archive: Report 2021/1310

Related-Tweak Impossible Differential Cryptanalysis of Reduced-Round TweAES

Chao Niu and Muzhou Li and Meiqin Wang and Qingju Wang and Siu-Ming Yiu

Abstract: We consider the related-tweak impossible differential cryptanalysis of \texttt{TweAES}. It is one of the underlying primitives of Authenticated Encryption with Associated Data (AEAD) scheme \texttt{ESTATE} which was accepted as one of second-round candidates in the NIST Lightweight Cryptography Standardization project. Firstly, we reveal several properties of \texttt{TweAES}, which show what kinds of distinguishers are more effective in recovering keys. With the help of automatic solver Simple Theorem Prover (STP), we achieve many 5.5-round related-tweak impossible differentials with fixed input differences and output differences that just have one active byte. Then, we implement 8-round key recovery attacks against \texttt{TweAES} based on one of these 5.5-round distinguishes. Moreover, another 5.5-round distinguisher that has four active bytes at the end is utilized to mount a 7-round key recovery attack against \texttt{TweAES}, which needs much lower attack complexities than the 6-round related-tweak impossible differential attack of \texttt{TweAES} in the design document. Our 8-round key recovery attack is the best one against \texttt{TweAES} in terms of the number of rounds and complexities so far.

Category / Keywords: secret-key cryptography / TweAES, Tweakable block ciphers, Related-tweak, Impossible differential cryptanalysis

Original Publication (in the same form): SAC 2021

Date: received 28 Sep 2021

Contact author: mqwang at sdu edu cn

Available format(s): PDF | BibTeX Citation

Version: 20210928:184515 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]