Paper 2024/2090
Breaking the Shadow: Key Recovery Attack on Full-Round Shadow Block Ciphers with Minimal Data
Abstract
Shadow is a family of lightweight block ciphers introduced by Guo, Li, and Liu in 2021, with Shadow-32 having a 32-bit block size and a 64-bit key, and Shadow-64 having a 64-bit block size and a 128-bit key. Both variants use a generalized Feistel network with four branches, incorporating the AND-Rotation-XOR operation similar to the Simon family for their bridging function. This paper reveals that the security claims of the Shadow family are not as strong as suggested. We present a key recovery attack that can retrieve the sequence of round keys used for encryption with only two known plaintext/ciphertext pairs, requiring time and memory complexity of $2^{43.23}$ encryptions and $2^{21.62}$ blocks of memory for Shadow-32, and complexity of $2^{81.32}$ encryptions and $2^{40.66}$ blocks of memory for Shadow-64. Notably, this attack is independent of the number of rounds and the bridging function employed. Furthermore, we critically evaluate one of the recent cryptanalyses of Shadow ciphers and identify significant flaws in the proposed key recovery attacks. In particular, we demonstrate that the distinguisher used in impossible differential attacks by Liu et al. is ineffective for key recovery, despite their higher claimed complexities compared to ours.
Metadata
- Category: Secret-key cryptography
- Publication info: Preprint.
- Contact author(s):
  - cheanda22 @ mails ucas ac cn
  - shahram rasoolzadeh @ rub de
- History:
  - 2024-12-30: approved
  - 2024-12-29: received
- Short URL: https://ia.cr/2024/2090
- License: CC BY-NC
BibTeX
@misc{cryptoeprint:2024/2090,
      author = {Anda Che and Shahram Rasoolzadeh},
      title = {Breaking the Shadow: Key Recovery Attack on Full-Round Shadow Block Ciphers with Minimal Data},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/2090},
      year = {2024},
      url = {https://eprint.iacr.org/2024/2090}
}