Improved meet-in-the-middle attacks on reduced-round Kalyna-128/256 and Kalyna-256/512

Kalyna is an SPN-based block cipher that was selected during the Ukrainian National Public Cryptographic Competition (2007–2010) and its slight modification was approved as the new encryption standard of Ukraine. In this paper, we focus on the key-recovery attacks on reduced-round Kalyna-128/256 and Kalyna-256/512 with the meet-in-the-middle method. The differential enumeration technique and key-dependent sieve technique which are popular to analyze AES are used to attack them. Using the key-dependent sieve technique to improve the complexity is not an easy task, we should build some tables to achieve this. Since the encryption procedure of Kalyna employs pre- and post-whitening operations using addition modulo $$2^{64}$$264 applied on the state columns independently, we carefully study the propagation of this operation and propose an addition plaintext structure to solve this. For Kalyna-128/256, we propose a 6-round distinguisher, and achieve a 9-round (out of total 14-round) attack. For Kalyna-256/512, we propose a 7-round distinguisher, then achieve an 11-round (out of total 18-round) attack. As far as we know, these are currently the best results on Kalyna-128/256 and Kalyna-256/512.

[1]  Keting Jia,et al.  Improved Single-Key Attacks on 9-Round AES-192/256 , 2014, FSE.

[2]  Ali Aydin Selçuk,et al.  A Meet-in-the-Middle Attack on 8-Round AES , 2008, FSE.

[3]  Jérémy Jean,et al.  Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting , 2013, IACR Cryptol. ePrint Arch..

[4]  Li Lin,et al.  General Model of the Single-Key Meet-in-the-Middle Distinguisher on the Word-Oriented Block Cipher , 2013, ICISC.

[5]  Vincent Rijmen,et al.  Understanding Two-Round Differentials in AES , 2006, SCN.

[6]  Keting Jia,et al.  Improved Meet-in-the-Middle Attacks on AES-192 and PRINCE , 2013, IACR Cryptol. ePrint Arch..

[7]  Hüseyin Demirci,et al.  Improved Meet-in-the-Middle Attacks on AES , 2009, INDOCRYPT.

[8]  Amr M. Youssef,et al.  A Meet-in-the-Middle Attack on Reduced-Round Kalyna-b/2b , 2016, IEICE Trans. Inf. Syst..

[9]  Donghoon Chang,et al.  Single Key Recovery Attacks on 9-Round Kalyna-128/256 and Kalyna-256/512 , 2015, ICISC.

[10]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.

[11]  Whitfield Diffie,et al.  Special Feature Exhaustive Cryptanalysis of the NBS Data Encryption Standard , 1977, Computer.

[12]  Adi Shamir,et al.  Improved Single-Key Attacks on 8-Round AES-192 and AES-256 , 2010, Journal of Cryptology.

[13]  Keting Jia,et al.  Improved Meet-in-the-Middle Attacks on Reduced-Round Camellia-192/256 , 2014, IACR Cryptol. ePrint Arch..

[14]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[15]  Roman Oliynykov,et al.  A New Encryption Standard of Ukraine: The Kalyna Block Cipher , 2015, IACR Cryptol. ePrint Arch..