## Cryptology ePrint Archive: Report 2021/546

Distinguishing and Key Recovery Attacks on the Reduced-Round SNOW-V

Jin Hoki and Takanori Isobe and Ryoma Ito and Fukang Liu and Kosei Sakamoto

Abstract: This paper proposes distinguishing and key recovery attacks on the reduced-round versions of the SNOW-V stream cipher. First, we construct a MILP model to search for integral characteristics using the division property, and find the best integral distinguishers for the 3-, 4-, and 5-round versions, with time complexities of $2^8$, $2^{16}$, and $2^{48}$, respectively. Next, we construct a bit-level MILP model to efficiently search for differential characteristics, and find the best differential characteristics in the 3- and 4-round versions. These characteristics lead to 3- and 4-round differential distinguishers with time complexities of $2^{48}$ and $2^{103}$, respectively. Then, we consider single-bit and dual-bit differential cryptanalysis, which is inspired by the existing study on Salsa and ChaCha. By carefully choosing the IV values and differences, we observe the best bit-wise differential biases of $2^{-1.733}$ and $2^{-17.934}$ in the 4- and 5-round versions, respectively. This makes it feasible to construct a very practical distinguisher with a time complexity of $2^{4.466}$ for the 4-round version, and a distinguisher with a time complexity of at least $2^{36.868}$ for the 5-round version. Finally, we improve the existing differential attack based on probabilistic neutral bits, which is also inspired by the existing study on Salsa and ChaCha. As a result, we present the best key recovery attack on the 4-round version, with a time complexity of $2^{153.97}$ and a data complexity of $2^{26.96}$. Consequently, we significantly improve on the best existing attacks on the initialization phase given by the designers.

Category / Keywords: secret-key cryptography / SNOW, Stream cipher, 5G · Integral attack, Differential attack, Probabilistic Neutral Bits (PNB)

Original Publication (with major differences): ACISP 2021

Date: received 24 Apr 2021

Contact author: takanori isobe at ai u-hyogo ac jp,itorym@nict go jp


Short URL: ia.cr/2021/546
