Conditional Cube Key Recovery Attack on Round-Reduced Xoodyak

Mohammad Vaziri; Vesselin Velichkov

Paper 2023/936

Conditional Cube Key Recovery Attack on Round-Reduced Xoodyak

Mohammad Vaziri, University of Edinburgh

Vesselin Velichkov, University of Edinburgh

Abstract

Since the announcement of the NIST call for a new lightweight cryptographic standard, a lot of schemes have been proposed in response. Xoodyak is one of these schemes and is among the finalists of the NIST competition with a sponge structure very similar to the Keccak hash function – the winner of the SHA3 NIST competition. In this paper with conditional cube attack technique, we fully recover the key of Xoodyak reduced to 6 and 7 rounds with time complexity resp. 2^{42.58} and 2^{76.003} in the nonce-reusing scenario. In our attack setting, we import the cube variables in the absorbing associated data phase, which has higher degree of freedom in comparison to data absorption phase. We use MILP tool for finding enough cube variables to perform the conditional key recovery attack. The 6-round attack is practical and has been implemented. To the best of our knowledge, this is the first proposed attack on 7-round Xoodyak.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Published elsewhere. 1st ACNS Workshop on Automated Methods and Data-driven Techniques in Symmetric-key Cryptanalysis
Keywords: Xoodyak Symmetric-key Cryptanalysis Conditional Cube Attack Lightweight Cryptography MILP
Contact author(s): mohammad vaziri @ ed ac uk
vvelichk @ exseed ed ac uk
History: 2023-06-19: approved; 2023-06-15: received; See all versions
Short URL: https://ia.cr/2023/936
License: CC BY

BibTeX

@misc{cryptoeprint:2023/936,
      author = {Mohammad Vaziri and Vesselin Velichkov},
      title = {Conditional Cube Key Recovery Attack on Round-Reduced Xoodyak},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/936},
      year = {2023},
      url = {https://eprint.iacr.org/2023/936}
}