Paper 2023/612
Cryptanalysis of SPEEDY
Abstract
SPEEDY is a family of ultra-lightweight block ciphers designed by Leander et al. at CHES 2021. There are three recommended variants denoted as SPEEDY-$r$-192 with $r$∈{5,6,7}. All of them support the 192-bit block and the 192-bit key. The main focus during its design is to ensure hardware-aware low latency, thus, whether it is designed to have enough security is worth to be studied. Recently, the full-round security of SPEEDY-7-192 is announced to be broken by Boura et al. at EUROCRYPT 2023 under the chosen-ciphertext setting, where a round-reduced attack on SPEEDY-6-192 is also proposed. However, no valid attack on SPEEDY-5-192 is given due to its more restricted security parameters. Up to now, the best key recovery attack on this variant only covers 3 rounds proposed by Rohit et al. at AFRICACRYPT 2022. In this paper, we give three full-round attacks on SPEEDY-7-192. Using the divide-and-conquer strategy and other new proposed techniques, we found a 5.5-round differential distinguisher which can be used to mount the first chosen-plaintext full-round key recovery attack. With a similar strategy, we also found a 5-round linear distinguisher which leads to the first full-round attack under the known-plaintext setting. Meanwhile, the 5.5-round differential distinguisher also helps us slightly improve the full-round attack in the chosen-ciphertext setting compared with the previous result. Besides, we also present a 4-round differential attack on SPEEDY-5-192, which is the best attack on this variant in terms of the number of rounds so far. A faster key recovery attack covering the same rounds is also given using a differential-linear distinguisher. Both attacks cannot threaten the full round security of SPEEDY-5-192.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. ACISP 2023
- Keywords
- Lightweight CryptographyLow LatencySPEEDY
- Contact author(s)
-
jinliangwang @ mail sdu edu cn
niuchao @ mail sdu edu cn
qunliu @ mail sdu edu cn
muzhouli @ mail sdu edu cn
Bart Preneel @ esat kuleuven be
mqwang @ sdu edu cn - History
- 2023-05-01: approved
- 2023-04-29: received
- See all versions
- Short URL
- https://ia.cr/2023/612
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/612, author = {Jinliang Wang and Chao Niu and Qun Liu and Muzhou Li and Bart Preneel and Meiqin Wang}, title = {Cryptanalysis of {SPEEDY}}, howpublished = {Cryptology {ePrint} Archive, Paper 2023/612}, year = {2023}, url = {https://eprint.iacr.org/2023/612} }