Paper 2024/563
A Note on Related-Tweakey Impossible Differential Attacks
Abstract
In this note we review the technique proposed at ToSC 2018 by Sadeghi et al. for attacks built upon several related-tweakey impossible differential trails. We show that the initial encryption queries are improper and lead the authors to misevaluate a filtering value in the key recovery phase. We identified 4 other papers (from Eurocrypt, DCC, and 2 from ToSC) that follow on the results of Sadeghi et al., and in three of them the flawed technique was reused. We thus present a careful analysis of these types of attacks and give generic complexity formulas similar to the ones proposed by Boura et al. at Asiacrypt 2014. We apply these to the aforementioned papers and provide patched versions of their attacks. The main consequence is an increase in the memory complexity. We show that in many cases (a notable exception being quantum impossible differentials) it is possible to recover the numeric time estimates of the flawed analysis, and in all cases we were able to build a correct attack reaching the same number of rounds.
Metadata
- Available format(s)
- Category
- Attacks and cryptanalysis
- Publication info
- Published by the IACR in CIC 2024
- DOI
- 10.62056/abbn-4c2h
- Keywords
- Impossible Differential AttackRelated-TweakeyComplexity Analysis
- Contact author(s)
-
xavier bonnetain @ inria fr
virginie lallemand @ loria fr - History
- 2024-11-02: last of 2 revisions
- 2024-04-11: received
- See all versions
- Short URL
- https://ia.cr/2024/563
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/563, author = {Xavier Bonnetain and Virginie Lallemand}, title = {A Note on Related-Tweakey Impossible Differential Attacks}, howpublished = {Cryptology {ePrint} Archive, Paper 2024/563}, year = {2024}, doi = {10.62056/abbn-4c2h}, url = {https://eprint.iacr.org/2024/563} }