Paper 2024/563

A Note on Related-Tweakey Impossible Differential Attacks

Xavier Bonnetain, Université de Lorraine, CNRS, Inria, LORIA, Nancy, France
Virginie Lallemand, Université de Lorraine, CNRS, Inria, LORIA, Nancy, France
Abstract

In this note we review the technique proposed at ToSC 2018 by Sadeghi et al. for attacks built upon several related-tweakey impossible differential trails. We show that the initial encryption queries are improper and lead the authors to misevaluate a filtering value in the key recovery phase. We identified 4 other papers (from Eurocrypt, DCC, and 2 from ToSC) that follow on the results of Sadeghi et al., and in three of them the flawed technique was reused. We thus present a careful analysis of these types of attacks and give generic complexity formulas similar to the ones proposed by Boura et al. at Asiacrypt 2014. We apply these to the aforementioned papers and provide patched versions of their attacks. The main consequence is an increase in the memory complexity. We show that in many cases (a notable exception being quantum impossible differentials) it is possible to recover the numeric time estimates of the flawed analysis, and in all cases we were able to build a correct attack reaching the same number of rounds.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published by the IACR in CIC 2024
DOI
10.62056/abbn-4c2h
Keywords
Impossible Differential AttackRelated-TweakeyComplexity Analysis
Contact author(s)
xavier bonnetain @ inria fr
virginie lallemand @ loria fr
History
2024-11-02: last of 2 revisions
2024-04-11: received
See all versions
Short URL
https://ia.cr/2024/563
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/563,
      author = {Xavier Bonnetain and Virginie Lallemand},
      title = {A Note on Related-Tweakey Impossible Differential Attacks},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/563},
      year = {2024},
      doi = {10.62056/abbn-4c2h},
      url = {https://eprint.iacr.org/2024/563}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.