Paper 2022/1640

Differential Meet-In-The-Middle Cryptanalysis

Christina Boura, Université Paris-Saclay, UVSQ, CNRS, Laboratoire de mathématiques de Versailles, 78000, Versailles, France
Nicolas David, Inria, France
Patrick Derbez, Univ Rennes, Inria, CNRS, IRISA, France
Gregor Leander, Ruhr University Bochum, Bochum, Germany
María Naya-Plasencia, Inria, France

In this paper we introduce the differential meet-in-the-middle framework, a new cryptanalysis technique for symmetric primitives. Our new cryptanalysis method combines techniques from both meet-in-the- middle and differential cryptanalysis. As such, the introduced technique can be seen as a way of extending meet-in-the-middle attacks and their variants but also as a new way to perform the key recovery part in differential attacks. We apply our approach to SKINNY-128-384 in the single-key model and to AES-256 in the related-key model. Our attack on SKINNY-128-384 permits to break 25 out of the 56 rounds of this variant and improves by two rounds the previous best known attacks. For AES-256 we attack 12 rounds by considering two related keys, thus outperforming the previous best related-key attack on AES-256 with only two related keys by 2 rounds.

Available format(s)
Secret-key cryptography
Publication info
Published by the IACR in CRYPTO 2023
differential cryptanalysismeet-in-the-middle cryptanalysisSKINNYAES
Contact author(s)
christina boura @ uvsq fr
nicolas david @ inria fr
patrick derbez @ irisa fr
gregor leander @ rub de
maria naya-plasencia @ inria fr
2023-06-05: last of 3 revisions
2022-11-24: received
See all versions
Short URL
Creative Commons Attribution


      author = {Christina Boura and Nicolas David and Patrick Derbez and Gregor Leander and María Naya-Plasencia},
      title = {Differential Meet-In-The-Middle Cryptanalysis},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1640},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.