Paper 2023/1691

Some Results on Related Key-IV Pairs of Espresso

George Teseleanu
Abstract

In this paper, we analyze the Espresso cipher from a related key chosen IV perspective. More precisely, we explain how one can obtain Key-IV pairs such that Espresso's keystreams either have certain identical bits or are shifted versions of each other. For the first case, we show how to obtain such pairs after $2^{32}$ iterations, while for the second case, we present an algorithm that produces such pairs in $2^{28}$ iterations. Moreover, we show that by making a minor change in the padding used during the initialization phase, it can lead to a more secure version of the cipher. Specifically, changing the padding increases the complexity of our second attack from $2^{28}$ to $2^{34}$. Finally, we show how related IVs can accelerate brute force attacks, resulting in a faster key recovery. Although our work does not have any immediate implications for breaking the Espresso cipher, these observations are relevant in the related-key chosen IV scenario.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Major revision. SECITC 2023
Keywords
Espressoslide attackscryptanalysisrelated keys
Contact author(s)
george teseleanu @ yahoo com
History
2023-11-03: approved
2023-11-01: received
See all versions
Short URL
https://ia.cr/2023/1691
License
Creative Commons Attribution-NonCommercial-ShareAlike
CC BY-NC-SA

BibTeX 

@misc{cryptoeprint:2023/1691,
      author = {George Teseleanu},
      title = {Some Results on Related Key-{IV} Pairs of Espresso},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1691},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1691}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.