Paper 2023/816

Simplified Modeling of MITM Attacks for Block Ciphers: new (Quantum) Attacks

André Schrottenloher, Univ Rennes, Inria, CNRS, IRISA
Marc Stevens, Centrum Wiskunde & Informatica

The meet-in-the-middle (MITM) technique has led to many key-recovery attacks on block ciphers and preimage attacks on hash functions. Nowadays, cryptographers use automatic tools that reduce the search of MITM attacks to an optimization problem. Bao et al. (EUROCRYPT 2021) introduced a low-level modeling based on Mixed Integer Linear Programming (MILP) for MITM attacks on hash functions, which was extended to key-recovery attacks by Dong et al. (CRYPTO 2021). However, the modeling only covers AES-like designs. Schrottenloher and Stevens (CRYPTO 2022) proposed a different approach aiming at higher-level simplified models. However, this modeling was limited to cryptographic permutations. In this paper, we extend the latter simplified modeling to also cover block ciphers with simple key schedules. The resulting modeling enables us to target a large array of primitives, typically lightweight SPN ciphers where the key schedule has a slow diffusion, or none at all. We give several applications such as full breaks of the PIPO-256 and FUTURE block ciphers, and reduced-round classical and quantum attacks on SATURNIN-Hash.

Available format(s)
Attacks and cryptanalysis
Publication info
Published by the IACR in TOSC 2023
MITM AttacksKey-recovery attacksQuantum cryptanalysisPreimage attacksAESPresent
Contact author(s)
andre schrottenloher @ inria fr
marc stevens @ cwi nl
2023-09-22: revised
2023-06-02: received
See all versions
Short URL
Creative Commons Attribution


      author = {André Schrottenloher and Marc Stevens},
      title = {Simplified Modeling of MITM Attacks for Block Ciphers: new (Quantum) Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2023/816},
      year = {2023},
      doi = {10.46586/tosc.v2023.i3.146-183},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.