Meet-in-the-Middle Attacks on Round-Reduced Khudra

Khudra is a hardware-oriented lightweight block cipher that is designed to run efficiently on Field Programmable Gate Arrays. It employs an 18-rounds Generalized type-2 Feistel Structure with a 64-bit block length and an 80-bit key. In this paper, we present Meet-in-the-Middle MitM attacks on 13 and 14 round-reduced Khudra. These attacks are based on finding a distinguisher that is evaluated offline independently of the key. Then in an online phase, some rounds are appended before and after the distinguisher and the correct key candidates for these rounds are checked whether they verify the distinguisher property or not. Using this technique, we find two 6-round distinguishers and use them to attack 13 and 14 rounds of Khudra with time complexity of 266.11 and 266.19, respectively. Both attacks require the same data and memory complexities of 251 chosen plaintexts and 264.8 64-bit blocks, respectively.

[1]  Jérémy Jean,et al.  Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting , 2013, IACR Cryptol. ePrint Arch..

[2]  Alex Biryukov,et al.  Differential Analysis and Meet-in-the-Middle Attack Against Round-Reduced TWINE , 2015, FSE.

[3]  Yonglin Hao,et al.  A Meet-in-the-Middle Attack on Round-Reduced mCrypton Using the Differential Enumeration Technique , 2015, NSS.

[4]  Phillip Rogaway,et al.  On Generalized Feistel Networks , 2010, CRYPTO.

[5]  Andrey Bogdanov,et al.  A 3-Subset Meet-in-the-Middle Attack: Cryptanalysis of the Lightweight Block Cipher KTANTAN , 2010, IACR Cryptol. ePrint Arch..

[6]  Ali Aydin Selçuk,et al.  A Meet-in-the-Middle Attack on 8-Round AES , 2008, FSE.

[7]  Christophe De Cannière,et al.  KATAN and KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers , 2009, CHES.

[8]  Kazuhiko Minematsu,et al.  $\textnormal{\textsc{TWINE}}$ : A Lightweight Block Cipher for Multiple Platforms , 2012, Selected Areas in Cryptography.

[9]  Yee Wei Law,et al.  KLEIN: A New Family of Lightweight Block Ciphers , 2010, RFIDSec.

[10]  Debdeep Mukhopadhyay,et al.  Khudra: A New Lightweight Block Cipher for FPGAs , 2014, SPACE.

[11]  María Naya-Plasencia,et al.  Block Ciphers That Are Easier to Mask: How Far Can We Go? , 2013, CHES.

[12]  Jongsung Kim,et al.  HIGHT: A New Block Cipher Suitable for Low-Resource Device , 2006, CHES.

[13]  Li Lin,et al.  Improved Meet-in-the-Middle Distinguisher on Feistel Schemes , 2015, SAC.

[14]  Bo Zhu,et al.  Multidimensional meet-in-the-middle attack and its applications to KATAN32/48/64 , 2014, Cryptography and Communications.

[15]  Adi Shamir,et al.  Improved Single-Key Attacks on 8-Round AES-192 and AES-256 , 2010, Journal of Cryptology.

[16]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[17]  Whitfield Diffie,et al.  Special Feature Exhaustive Cryptanalysis of the NBS Data Encryption Standard , 1977, Computer.

[18]  Yu Sasaki,et al.  Meet-in-the-Middle Attacks on Generic Feistel Constructions , 2014, ASIACRYPT.

[19]  Léo Perrin,et al.  Meet-in-the-Middle Attacks and Structural Analysis of Round-Reduced PRINCE , 2015, Journal of Cryptology.

[20]  Amr M. Youssef,et al.  Meet-in-the-Middle Attacks on Reduced-Round Hierocrypt-3 , 2015, LATINCRYPT.