Paper 2023/936

Conditional Cube Key Recovery Attack on Round-Reduced Xoodyak

Mohammad Vaziri, University of Edinburgh
Vesselin Velichkov, University of Edinburgh
Abstract

Since the announcement of the NIST call for a new lightweight cryptographic standard, many schemes have been proposed in response. Xoodyak is one of these schemes and is among the finalists of the NIST competition, with a sponge structure very similar to the Keccak hash function, the winner of the SHA-3 NIST competition. In this paper, using the conditional cube attack technique, we fully recover the key of Xoodyak reduced to 6 and 7 rounds with time complexity resp. 2^{42.58} and 2^{76.003} in the nonce-reusing scenario. In our attack setting, we import the cube variables in the associated data absorption phase, which has a higher degree of freedom in comparison to the data absorption phase. We use a MILP tool to find enough cube variables to perform the conditional key recovery attack. The 6-round attack is practical and has been implemented. To the best of our knowledge, this is the first proposed attack on 7-round Xoodyak.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published elsewhere. 1st ACNS Workshop on Automated Methods and Data-driven Techniques in Symmetric-key Cryptanalysis
Keywords
Xoodyak, Symmetric-key, Cryptanalysis, Conditional Cube Attack, Lightweight Cryptography, MILP
Contact author(s)
mohammad vaziri @ ed ac uk
vvelichk @ exseed ed ac uk
History
2023-06-19: approved
2023-06-15: received
Short URL
https://ia.cr/2023/936
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/936,
      author = {Mohammad Vaziri and Vesselin Velichkov},
      title = {Conditional Cube Key Recovery Attack on Round-Reduced Xoodyak},
      howpublished = {Cryptology ePrint Archive, Paper 2023/936},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/936}},
      url = {https://eprint.iacr.org/2023/936}
}