Meet-in-the-Middle Attacks on Reduced-Round Hierocrypt-3

Hierocrypt-3 is an SPN-based block cipher designed by Toshiba Corporation. It operates on a 128-bit state with a 128-, 192- or 256-bit key. In this paper, we present two meet-in-the-middle attacks in the single-key setting on 4-round reduced Hierocrypt-3 with a 256-bit key. The first attack is based on the differential enumeration approach: we propose a truncated differential characteristic covering the first 2.5 rounds and match a multiset of state differences at its output. The second attack is based on the original meet-in-the-middle strategy proposed by Demirci and Selçuk at FSE 2008 to attack reduced versions of both AES-192 and AES-256. For the attack based on differential enumeration, the master key is recovered with data complexity of $2^{113}$ chosen plaintexts, time complexity of $2^{238}$ 4-round reduced Hierocrypt-3 encryptions and memory complexity of $2^{218}$ 128-bit blocks. The data, time and memory complexities of the second attack are $2^{32}$, $2^{245}$ and $2^{242}$, respectively. To the best of our knowledge, these are the first attacks on 4-round reduced Hierocrypt-3.
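The Demirci-Selçuk paradigm that the second attack follows is easier to see on a small scale. The following is an added example, not code from the paper or from Toshiba's Hierocrypt-3 specification: it builds a constructed 3-round toy SPN on an 8-bit state (two nibbles, PRESENT S-box, a 2x2 linear layer over GF(2^4), 32 bits of independent round-key material) and mounts the attack against it. The key `KEY`, the fixed nibble `0x6` and all function names are assumptions made for the illustration. The offline phase enumerates the few parameters that fix the value sequence of one state nibble over a delta-set and stores the resulting difference sequences; the online phase queries one delta-set, guesses one nibble of the last round key, peels the last S-box off and looks the sequence up.

```python
# Added teaching example: a Demirci-Selcuk style meet-in-the-middle attack on a
# constructed 3-round, 8-bit toy SPN (two 4-bit nibbles). The cipher, its key
# and the delta-set below are made up for this illustration; they are not
# Hierocrypt-3 and not the paper's attack.

SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]   # PRESENT 4-bit S-box
SBOX_INV = [SBOX.index(v) for v in range(16)]


def mul2(x):
    """Multiply by 2 in GF(2^4) with reduction polynomial x^4 + x + 1."""
    x <<= 1
    return (x ^ 0x13) & 0xF if x & 0x10 else x


def sub(s):
    """Nibble-wise S-box layer."""
    return (SBOX[s[0]], SBOX[s[1]])


def mix(s):
    """Invertible linear layer, matrix [[1, 1], [1, 2]] over GF(2^4)."""
    return (s[0] ^ s[1], s[0] ^ mul2(s[1]))


def add(s, k):
    return (s[0] ^ k[0], s[1] ^ k[1])


def encrypt(p, key):
    """3-round toy SPN. key = (k0, k1, k2, k3), each a pair of nibbles (32 bits
    of independent key material). As in AES, the last round has no mix layer."""
    k0, k1, k2, k3 = key
    s = mix(sub(add(p, k0)))         # round 1
    s = mix(sub(add(s, k1)))         # round 2
    return add(sub(add(s, k2)), k3)  # round 3 (final)


def diff_sequence(values):
    """XOR of every value with the first one. Taking differences cancels the
    key nibble that is XORed onto the state right before the last S-box."""
    return tuple(v ^ values[0] for v in values[1:])


def build_table():
    """Offline phase. Over a delta-set (plaintext nibble 0 runs through all 16
    values, nibble 1 is fixed), nibble 0 of the round-2 output is
        z_i = S(u_i ^ alpha) ^ S(u_i ^ beta),   u_i = S(i ^ k0a),
    where alpha = c ^ k1a, beta = 2*c ^ k1b and c = S(fixed ^ k0b) is the
    constant round-1 output nibble. The 16-value sequence is therefore fixed
    by three nibbles (12 bits) although the cipher has a 32-bit key: enumerate
    all 16^3 parameter choices and index the resulting difference sequences."""
    table = {}
    for k0a in range(16):
        u = [SBOX[i ^ k0a] for i in range(16)]
        for alpha in range(16):
            for beta in range(16):
                z = [SBOX[x ^ alpha] ^ SBOX[x ^ beta] for x in u]
                table.setdefault(diff_sequence(z), []).append((k0a, alpha, beta))
    return table


def attack(oracle, fixed_nibble, table):
    """Online phase: encrypt one delta-set (16 chosen plaintexts), try all 16
    values of k3a, peel the last S-box off nibble 0 and look the difference
    sequence up. A hit yields the guess plus the (k0a, alpha, beta) parameters
    that explain it; a wrong guess produces a sequence that is essentially
    never in the table (at most 4096 entries out of 2^60 sequences)."""
    cts = [oracle((i, fixed_nibble)) for i in range(16)]
    candidates = {}
    for g in range(16):
        w = [SBOX_INV[c[0] ^ g] for c in cts]   # equals z_i ^ k2a iff g == k3a
        seq = diff_sequence(w)
        if seq in table:
            candidates[g] = table[seq]
    return candidates


# Constructed secret key for the demonstration: (k0, k1, k2, k3).
KEY = ((0x3, 0xA), (0x7, 0xC), (0x5, 0x9), (0xE, 0x2))


def demo():
    """Run both phases against an encryption oracle for KEY."""
    table = build_table()
    return attack(lambda p: encrypt(p, KEY), 0x6, table)


if __name__ == "__main__":
    for guess, params in demo().items():
        print(f"k3a = {guess:#x}, (k0a, alpha, beta) candidates: {params}")
```

For `KEY` the true parameters are k0a = 0x3, alpha = 0x4 ^ 0x7 = 0x3 and beta = mul2(0x4) ^ 0xC = 0x4, so the lookup returns k3a = 0xE together with (0x3, 0x3, 0x4) (and its mirror (0x3, 0x4, 0x3), since the expression is symmetric in alpha and beta). The table costs 16^3 entries and the online phase 16 chosen plaintexts, which is the shape of the abstract's second attack scaled down: at 128-bit block size the same precomputation is what drives its $2^{242}$-block memory against only $2^{32}$ chosen plaintexts. The first attack's differential enumeration trades the other way, spending $2^{113}$ chosen plaintexts to find delta-sets that follow a truncated differential characteristic so that far fewer parameter values have to be tabulated.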

[1] Vincent Rijmen et al. Observations on Hierocrypt-3/L1 key scheduling algorithms, 2001.

[2] Jérémy Jean et al. Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting, 2013, IACR Cryptol. ePrint Arch.

[3] Yonglin Hao et al. A Meet-in-the-Middle Attack on Round-Reduced mCrypton Using the Differential Enumeration Technique, 2015, NSS.

[4] Whitfield Diffie et al. Special Feature: Exhaustive Cryptanalysis of the NBS Data Encryption Standard, 1977, Computer.

[5] Adi Shamir et al. Improved Single-Key Attacks on 8-Round AES-192 and AES-256, 2010, Journal of Cryptology.

[6] Amr M. Youssef et al. Differential Sieving for 2-Step Matching Meet-in-the-Middle Attack with Application to LBlock, 2014, LightSec.

[7] Yu Sasaki et al. Improved Preimage Attack for 68-Step HAS-160, 2009, ICISC.

[8] Amr M. Youssef et al. Preimage Attacks on Reduced-Round Stribog, 2014, AFRICACRYPT.

[9] Ali Aydin Selçuk et al. A Meet-in-the-Middle Attack on 8-Round AES, 2008, FSE.

[10] Amr M. Youssef et al. Meet in the Middle Attacks on Reduced Round Kuznyechik, 2015, IACR Cryptol. ePrint Arch.

[11] Hüseyin Demirci et al. Improved Meet-in-the-Middle Attacks on AES, 2009, INDOCRYPT.

[12] Amr M. Youssef et al. Second Preimage Analysis of Whirlwind, 2014, Inscrypt.

[13] Shuang Wu et al. Investigating Fundamental Security Requirements on Whirlpool: Improved Preimage and Collision Attacks, 2012, ASIACRYPT.

[14] Kenji Ohkuma et al. The Block Cipher Hierocrypt, 2000, Selected Areas in Cryptography.

[15] Paulo S. L. M. Barreto et al. Improved SQUARE Attacks against Reduced-Round HIEROCRYPT, 2001, FSE.

[16] Florian Mendel et al. The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl, 2009, FSE.

[17] Vincent Rijmen et al. The Block Cipher Square, 1997, FSE.

[18] Andrey Bogdanov et al. A 3-Subset Meet-in-the-Middle Attack: Cryptanalysis of the Lightweight Block Cipher KTANTAN, 2010, IACR Cryptol. ePrint Arch.

[19] Andrey Bogdanov et al. Biclique Cryptanalysis of the Full AES, 2011, ASIACRYPT.

[20] Anne Canteaut et al. Sieve-in-the-Middle: Improved MITM Attacks (Full Version), 2013, IACR Cryptol. ePrint Arch.