Paper 2023/354

Guessing Less and Better: Improved Attacks on GIFT-64

Federico Canale, Ruhr University Bochum
María Naya-Plasencia, French Institute for Research in Computer Science and Automation

GIFT-64 is a block cipher that has received a lot of attention from the community since its proposal in 2017. The attack on the highest number of rounds is a differential related-key attack on 26 rounds~\cite{DBLP:journals/tosc/SunWW21}. We studied this attack, in particular with respect to the generic framework for improving key recovery from~\cite{DBLP:conf/asiacrypt/BrollCFLN21}, and we realised that this framework, combined with an efficient parallel key guessing of interesting subsets of the key and a consequent list merging applied to the partial solutions, can improve the complexity of the attack. We propose two different trade-offs, as a result of the improved key-recovery. We believe that the techniques are quite generic and that it is possible to apply them to improve other differential attacks.

Keywords: Key-recovery, Differential Cryptanalysis, Parallel guessing, List merging, Generic framework, GIFT-64
Contact author(s)
federico canale @ rub de
maria naya_plasencia @ inria fr
2023-03-15: approved
2023-03-10: received
Creative Commons Attribution


      author = {Federico Canale and María Naya-Plasencia},
      title = {Guessing Less and Better: Improved Attacks on GIFT-64},
      howpublished = {Cryptology ePrint Archive, Paper 2023/354},
      year = {2023},
      note = {\url{}},
      url = {}