Paper 2025/1806

Improved Integral Attack on ChiLow-32 Exploiting the Inverse of the ChiChi Function

Akram Khalesi, Research Center for Development of Advanced Technologies, Tehran, Iran
Zahra Ahmadian, Shahid Beheshti University, Tehran, Iran
Hosein Hadipour, Ruhr Bochum University, Bochum, Germany
Abstract

The protection of executable code in embedded systems requires efficient mechanisms that ensure confidentiality and integrity. Belkheyar et al. recently proposed the Authenticated Code Encryption (ACE) framework, with ChiLow-(32 + $\tau$) as the first instantiation of ACE2 at EUROCRYPT 2025. The design of ChiLow-(32 + $\tau$) is based on a 32-bit tweakable block cipher with a quadratic nonlinear layer, known as ChiChi (denoted by $\chi\!\!\chi$), and a nested tweak key schedule optimized for secure code execution under strict query limits. In this work, we study the resistance of ChiLow to integral cryptanalysis. We identify new integral distinguishers in both the single-tweak and related-tweak models. Using these results and a nested strategy to recover all round tweaks, we present a key-recovery attack on 7 out of 8 rounds of ChiLow. The central contribution of our work is that it resolves the challenge of deriving the master key from the recovered round tweaks, an open problem highlighted by the designers and in a recent cryptanalysis by Peng et al. The attack on 7 rounds requires $2^{6.32}$ chosen ciphertexts, has a time complexity of about $2^{121.75}$ encryptions, and requires negligible memory.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
CryptanalysisIntegral attackAuthenticated Code EncryptionChiLowChiChi
Contact author(s)
khalesi @ rcdat ac ir
z_ahmadian @ sbu ac ir
hossein hadipour @ ruhr-uni-bochum de
History
2026-02-25: revised
2025-10-02: received
See all versions
Short URL
https://ia.cr/2025/1806
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/1806,
      author = {Akram Khalesi and Zahra Ahmadian and Hosein Hadipour},
      title = {Improved Integral Attack on {ChiLow}-32 Exploiting the Inverse of the {ChiChi} Function},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/1806},
      year = {2025},
      url = {https://eprint.iacr.org/2025/1806}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.