Paper 2022/1122

Practical Related-Key Forgery Attacks on the Full TinyJAMBU-192/256

Orr Dunkelman, University of Haifa
Eran Lambooij, University of Haifa
Shibam Ghosh, University of Haifa

TinyJambu is one of the finalists in the NIST lightweight cryptography competition. It has undergone extensive analysis in the recent years as both the keyed permutation as well as the mode are new designs. In this paper we present a related-key forgery attackon the updated TinyJambu scheme with 256- and 192-bit keys. We introduce a high probability related-key differential attack were the differences are only introduced into the key state. Therefore, the characteristic is applicable to the TinyJambu mode and can be used to mount a forgery attack. The time and data complexity of the forgery are $2^{32}$ using $2^{10}$ related-keys for the 256-bit key version, and $2^{42}$ using $2^{12}$ related-keys for the 192-bit key version. For the 128-bit key we construct a related-key differential characteristic on the full keyed permutation of TinyJambu with a probability of $2^{-16}$. We extend the related-key differential characteristics on TinyJambu to practical time key recovery attacks that extract the full key from the keyed permutation with a time and data complexity of $2^{23}$, $2^{20}$, and $2^{18}$ for respectively the 128-, 192-, and 256-bit key variants. All characteristics are experimentally verified and we provide key nonce pairs that produce the same tag to show the feasibility of the forgery attack.

Available format(s)
Attacks and cryptanalysis
Publication info
TinyJambu Differential Cryptanalysis Forgery Related-key
Contact author(s)
eran @ hideinplainsight io
2022-08-31: approved
2022-08-29: received
See all versions
Short URL
Creative Commons Attribution


      author = {Orr Dunkelman and Eran Lambooij and Shibam Ghosh},
      title = {Practical Related-Key Forgery Attacks on the Full TinyJAMBU-192/256},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1122},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.