Paper 2022/1567
Full Round Zero-sum Distinguishers on TinyJAMBU-128 and TinyJAMBU-192 Keyed-permutation in the Known-key setting
Abstract
TinyJAMBU is one of the finalists in the NIST lightweight standardization competition. This paper presents full round practical zero-sum distinguishers on the keyed permutation used in TinyJAMBU. We propose a full round zero-sum distinguisher on the 128- and 192-bit key variants and a reduced round zero-sum distinguisher for the 256-bit key variant in the known-key settings. Our best known-key distinguisher works with $2^{16}$ data/time complexity on the full 128-bit version and with $2^{23}$ data/time complexity on the full 192-bit version. For the 256-bit ver- sion, we can distinguish 1152 rounds (out of 1280 rounds) in the known- key settings. In addition, we present the best zero-sum distinguishers in the secret-key settings: with complexity $2^{23}$ we can distinguish 544 rounds in the forward direction or 576 rounds in the backward direction. For finding the zero-sum distinguisher, we bound the algebraic degree of the TinyJAMBU permutation using the monomial prediction technique proposed by Hu et al. at ASIACRYPT 2020. We model the monomial prediction rule on TinyJAMBU in MILP and find upper bounds on the degree by computing the parity of the number of solutions.
Metadata
- Available format(s)
-
PDF
- Category
- Attacks and cryptanalysis
- Publication info
- Published elsewhere. Indocrypt 2022
- Contact author(s)
-
orrd @ cs haifa ac il
sghosh03 @ campus haifa ac il
eran @ hideinplainsight io - History
- 2022-11-11: approved
- 2022-11-10: received
- See all versions
- Short URL
- https://ia.cr/2022/1567
- License
-
CC0
BibTeX
@misc{cryptoeprint:2022/1567,
author = {Orr Dunkelman and Shibam Ghosh and Eran Lambooij},
title = {Full Round Zero-sum Distinguishers on {TinyJAMBU}-128 and {TinyJAMBU}-192 Keyed-permutation in the Known-key setting},
howpublished = {Cryptology {ePrint} Archive, Paper 2022/1567},
year = {2022},
url = {https://eprint.iacr.org/2022/1567}
}
