Paper 2022/612

Cryptanalysis of Reduced Round SPEEDY

Raghvendra Rohit and Santanu Sarkar

Abstract

SPEEDY is a family of ultra low latency block ciphers proposed by Leander, Moos, Moradi and Rasoolzadeh at TCHES 2021. Although the designers gave some differential/linear distinguishers for reduced rounds, a concrete cryptanalysis considering key recovery attacks on SPEEDY was completely missing. The latter is crucial to understand the security margin of designs like SPEEDY, which typically use a low number of rounds to have low latency. In this work, we present the first third-party cryptanalysis of SPEEDY-$r$-192, where $r \in \{5, 6, 7\}$ is the number of rounds and 192 is the block and key size in bits. We identify cube distinguishers for 2 rounds with data complexities $2^{14}$ and $2^{13}$, while the differential/linear distinguishers provided by the designers have a complexity of $2^{39}$. Notably, we show that there are several such cube distinguishers, and thus, we then provide a generic description of them. We also investigate the structural properties of 13-dimensional cubes and give experimental evidence that the partial algebraic normal form of certain state bits after two rounds is always the same. Next, we utilize the 2-round distinguishers to mount a key recovery attack on 3 rounds SPEEDY. Our attack requires $2^{17.6}$ data, $2^{25.5}$ bits of memory and $2^{52.5}$ time. Our results show that the practical variant of SPEEDY, i.e., SPEEDY-5-192, has a security margin of only 2 rounds. We believe our work will bring new insights in understanding the security of SPEEDY.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. Africacrypt 2022
Keywords
SPEEDY, Cube attacks, Block cipher
Contact author(s)
iraghvendrarohit @ gmail com
raghvendra rohit @ tii ae
sarkar santanu bir1 @ gmail com
History
2022-05-23: received
Short URL
https://ia.cr/2022/612
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/612,
      author = {Raghvendra Rohit and Santanu Sarkar},
      title = {Cryptanalysis of Reduced Round {SPEEDY}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/612},
      year = {2022},
      url = {https://eprint.iacr.org/2022/612}
}