Improved Key Recovery Attack on Round-reduced Hierocrypt-L1 in the Single-Key Setting

Hierocrypt-L1 is a 64-bit block cipher with a 128-bit key. It was selected for the Japanese e-Government 2003 recommended ciphers list and has been reselected in the 2013 candidate recommended ciphers list. In this work, we cryptanalyze Hierocrypt-L1 in the single-key setting. In particular, we construct a distinguisher covering 5 S-box layers and use it to launch a meet-in-the-middle attack on Hierocrypt-L1 reduced to 8 S-box layers, using the differential enumeration technique. Our attack allows us to recover the master key with a data complexity of 2^49 chosen plaintexts, a time complexity of 2^114.8 encryptions of 8 S-box layer Hierocrypt-L1, and a memory complexity of 2^106 64-bit blocks. To the best of the authors' knowledge, this is the first cryptanalysis result that reaches 8 S-box layers of Hierocrypt-L1 in the single-key setting.
