Paper 2023/1943
Distinguisher and Related-Key Attack on HALFLOOP-96
Abstract
HALFLOOP-96 is a 96-bit tweakable block cipher used in high frequency radio to secure automatic link establishment messages. In this paper, we concentrate on its differential properties in the contexts of conventional, related-tweak, and related-key differential attacks. Using automatic techniques, we determine the minimum number of active S-boxes and the maximum differential probability in each of the three configurations. The resistance of HALFLOOP-96 to differential attacks in the conventional and related-tweak configurations is good, and the longest distinguishers in both configurations consist of five rounds. In contrast, the security of the cipher against differential attacks in the related-key configuration is inadequate. The most effective related-key distinguisher we can find spans eight rounds. The 8-round related-key differential distinguisher is then utilised to initiate a 9-round weak-key attack. With $2^{92.96}$ chosen-plaintexts, 38.77-bit equivalent information about the keys can be recovered. Even though the attack does not pose a significant security threat to HALFLOOP-96, its security margin in the related-key configuration is exceedingly narrow. Therefore, improper use must be avoided in the application.
Metadata
- Available format(s)
-
PDF
- Category
- Attacks and cryptanalysis
- Publication info
- Published elsewhere. ICISC 2023
- Keywords
- Differential cryptanalysisRelated-tweakRelated-keyHALFLOOP-96
- Contact author(s)
-
ljp1024147512 @ 163 com
lingsun @ sdu edu cn - History
- 2023-12-22: approved
- 2023-12-22: received
- See all versions
- Short URL
- https://ia.cr/2023/1943
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/1943,
author = {Jinpeng Liu and Ling Sun},
title = {Distinguisher and Related-Key Attack on HALFLOOP-96},
howpublished = {Cryptology ePrint Archive, Paper 2023/1943},
year = {2023},
note = {\url{https://eprint.iacr.org/2023/1943}},
url = {https://eprint.iacr.org/2023/1943}
}
