Paper 2022/612

Cryptanalysis of Reduced Round SPEEDY

Raghvendra Rohit and Santanu Sarkar


SPEEDY is a family of ultra low latency block ciphers proposed by Leander, Moos, Moradi and Rasoolzadeh at TCHES 2021. Although the designers gave some differential/linear distinguishers for reduced rounds, a concrete cryptanalysis considering key recovery attacks on SPEEDY was completely missing. The latter is crucial to understand the security margin of designs like SPEEDY which typically use low number of rounds to have low latency. In this work, we present the first third-party cryptanalysis of SPEEDY-$r$-192, where $r \in \{5, 6, 7\}$ is the number of rounds and 192 is block and key size in bits. We identify cube distinguishers for 2 rounds with data complexities $2^{14}$ and $2^{13}$, while the differential/linear distinguishers provided by designers has a complexity of $2^{39}$. Notably, we show that there are several such cube distinguishers, and thus, we then provide a generic description of them. We also investigate the structural properties of 13-dimensional cubes and give experimental evidence that the partial algebraic normal form of certain state bits after two rounds is always the same. Next, we utilize the 2 rounds distinguishers to mount a key recovery attack on 3 rounds SPEEDY. Our attack require $2^{17.6}$ data, $2^{25.5}$ bits of memory and $2^{52.5}$ time. Our results show that the practical variant of SPEEDY, i.e., SPEEDY-5-192 has a security margin of only 2 rounds. We believe our work will bring new insights in understanding the security of SPEEDY.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. Africacrypt 2022
SPEEDYCube attacksBlock cipher
Contact author(s)
iraghvendrarohit @ gmail com
raghvendra rohit @ tii ae
sarkar santanu bir1 @ gmail com
2022-05-23: received
Short URL
Creative Commons Attribution


      author = {Raghvendra Rohit and Santanu Sarkar},
      title = {Cryptanalysis of Reduced Round {SPEEDY}},
      howpublished = {Cryptology ePrint Archive, Paper 2022/612},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.