Paper 2021/427

Meet-in-the-Middle Attacks Revisited: Key-recovery, Collision, and Preimage Attacks

Xiaoyang Dong, Jialiang Hua, Siwei Sun, Zheng Li, Xiaoyun Wang, and Lei Hu

Abstract

At EUROCRYPT 2021, Bao et al. proposed an automatic method for systematically exploring the configuration space of meet-in-the-middle (MITM) preimage attacks. We further extend it into a constraint-based framework for finding exploitable MITM characteristics in the context of key-recovery and collision attacks by taking the subtle peculiarities of both scenarios into account. Moreover, to perform attacks based on MITM characteristics with nonlinear constrained neutral words, which have not been seen before, we present a procedure for deriving the solution spaces of neutral words without solving the corresponding nonlinear equations or increasing the overall time complexities of the attack. We apply our method to concrete symmetric-key primitives, including SKINNY, ForkSkinny, Romulus, Saturnin, Grostl, Whirlpool, and hashing modes with AES-256. As a result, we identify the first 23-round key-recovery attack on SKINNY-$n$-$3n$ and the first 24-round key-recovery attack on ForkSkinny-$n$-$3n$ in the single-key model. Moreover, improved (pseudo) preimage or collision attacks on round-reduced Whirlpool, Grostl, and hashing modes with AES-256 are obtained. In particular, employing the new representation of the AES key schedule due to Leurent and Pernot (EUROCRYPT 2021), we identify the first preimage attack on 10-round AES-256 hashing.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A major revision of an IACR publication in CRYPTO 2021
Keywords
Meet-in-the-MiddleThree-subset MITMPreimage attackCollision AttackAES-256MILP
Contact author(s)
xiaoyangdong @ tsinghua edu cn
huajl18 @ mails tsinghua edu cn
siweisun isaac @ gmail com
lizhengcn @ bjut edu cn
sunsiwei @ iie ac cn
hulei @ iie ac cn
xiaoyunwang @ tsinghua edu cn
History
2021-06-22: last of 7 revisions
2021-04-06: received
See all versions
Short URL
https://ia.cr/2021/427
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2021/427,
      author = {Xiaoyang Dong and Jialiang Hua and Siwei Sun and Zheng Li and Xiaoyun Wang and Lei Hu},
      title = {Meet-in-the-Middle Attacks Revisited: Key-recovery, Collision, and Preimage Attacks},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/427},
      year = {2021},
      url = {https://eprint.iacr.org/2021/427}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.