A Meet-in-the-Middle Attack on Round-Reduced mCrypton Using the Differential Enumeration Technique

This paper describes a meet-in-the-middle (MITM) attack against the round reduced versions of the block cipher mCrypton-64/96/ 128. We construct a 4-round distinguisher and lower the memory requirement from 2100 to 244 using the differential enumeration technique. Based on the distinguisher, we launch a MITM attack on 7-round mCrypton-64/96/128 with complexities of 244 64-bit blocks and 257 encryptions. Then we extend the basic attack to 8 rounds for mCrypton-128 by adding some key-bridging techniques. The 8-round attack on mCrypton-128 requires a time complexity 2100 and a memory complexity 244. Furthermore, we construct a 5-round distinguisher and propose a MITM attack on 9-round mCrypton-128 with a time complexity of 2115 encryptions and a memory complexity of 2113 64-bit blocks.

[1]  Whitfield Diffie,et al.  Special Feature Exhaustive Cryptanalysis of the NBS Data Encryption Standard , 1977, Computer.

[2]  Adi Shamir,et al.  Improved Single-Key Attacks on 8-Round AES-192 and AES-256 , 2010, Journal of Cryptology.

[3]  Seokhie Hong,et al.  Collision Attacks on AES-192/256, Crypton-192/256, mCrypton-96/128, and Anubis , 2013, J. Appl. Math..

[4]  Shai Halevi Advances in Cryptology - CRYPTO 2009, 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2009. Proceedings , 2009, CRYPTO.

[5]  Information Security and Privacy , 1996, Lecture Notes in Computer Science.

[6]  Jiqiang Lu,et al.  Meet-in-the-Middle Attack on Reduced Versions of the Camellia Block Cipher , 2012, IWSEC.

[7]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[8]  Chae Hoon Lim,et al.  CRYPTON: A New 128-bit Block Cipher - Specification and Analysis , 1998 .

[9]  Andrey Bogdanov,et al.  Biclique Cryptanalysis of the Full AES , 2011, ASIACRYPT.

[10]  Yu Sasaki,et al.  Meet-in-the-Middle Preimage Attacks on Double-Branch Hash Functions: Application to RIPEMD and Others , 2009, ACISP.

[11]  Bart Preneel,et al.  Improved Meet-in-the-Middle Attacks on Reduced-Round DES , 2007, INDOCRYPT.

[12]  Chae Hoon Lim,et al.  mCrypton - A Lightweight Block Cipher for Security of Low-Cost RFID Tags and Sensors , 2005, WISA.

[13]  Keting Jia,et al.  A Meet-in-the-Middle Attack on the Full KASUMI , 2011, IACR Cryptol. ePrint Arch..

[14]  Jiqiang Lu,et al.  Meet-in-the-Middle Attack on 8 Rounds of the AES Block Cipher under 192 Key Bits , 2011, ISPEC.

[15]  John P. Steinberger,et al.  The preimage security of double-block-length compression functions , 2011, IACR Cryptol. ePrint Arch..

[16]  Aggelos Kiayias,et al.  Topics in Cryptology - CT-RSA 2011 - The Cryptographers' Track at the RSA Conference 2011, San Francisco, CA, USA, February 14-18, 2011. Proceedings , 2011, CT-RSA.

[17]  Mohammad Dakhilalian,et al.  Non-isomorphic Biclique Cryptanalysis and Its Application to Full-Round mCrypton , 2013, IACR Cryptol. ePrint Arch..

[18]  Jong Hyuk Park Security analysis of mCrypton proper to low-cost ubiquitous computing devices and applications , 2009 .

[19]  Jongsung Kim,et al.  New Impossible Differential Attacks on AES , 2008, INDOCRYPT.

[20]  Bimal Roy,et al.  Progress in Cryptology - INDOCRYPT 2009, 10th International Conference on Cryptology in India, New Delhi, India, December 13-16, 2009. Proceedings , 2009, INDOCRYPT.

[21]  Yu Sasaki,et al.  Meet-in-the-Middle Preimage Attacks on AES Hashing Modes and an Application to Whirlpool , 2011, FSE.

[22]  Bart Preneel,et al.  Meet-in-the-Middle Attacks on Reduced-Round XTEA , 2011, CT-RSA.

[23]  Ali Aydin Selçuk,et al.  A New Meet-in-the-Middle Attack on the IDEA Block Cipher , 2003, Selected Areas in Cryptography.

[24]  Jérémy Jean,et al.  Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting , 2013, IACR Cryptol. ePrint Arch..

[25]  Masakatsu Nishigaki,et al.  Advances in Information and Computer Security - 6th International Workshop, IWSEC 2011, Tokyo, Japan, November 8-10, 2011. Proceedings , 2011, IWSEC.

[26]  Yu Sasaki,et al.  Meet-in-the-Middle Preimage Attacks Against Reduced SHA-0 and SHA-1 , 2009, CRYPTO.

[27]  Markus Kasper,et al.  The World is Not Enough: Another Look on Second-Order DPA , 2010, IACR Cryptol. ePrint Arch..

[28]  C. Pandu Rangan,et al.  Progress in Cryptology - INDOCRYPT 2007, 8th International Conference on Cryptology in India, Chennai, India, December 9-13, 2007, Proceedings , 2007, INDOCRYPT.

[29]  Andrey Bogdanov,et al.  A 3-Subset Meet-in-the-Middle Attack: Cryptanalysis of the Lightweight Block Cipher KTANTAN , 2010, IACR Cryptol. ePrint Arch..

[30]  Thomas Peyrin,et al.  Super-Sbox Cryptanalysis: Improved Attacks for AES-Like Permutations , 2010, FSE.

[31]  Seokhie Hong,et al.  Weakness of lightweight block ciphers mCrypton and LED against biclique cryptanalysis , 2015, Peer Peer Netw. Appl..

[32]  Nick Howgrave-Graham,et al.  A Hybrid Lattice-Reduction and Meet-in-the-Middle Attack Against NTRU , 2007, CRYPTO.

[33]  Phong Q. Nguyen,et al.  Advances in Cryptology – EUROCRYPT 2013 , 2013, Lecture Notes in Computer Science.

[34]  Ali Aydin Selçuk,et al.  A Meet-in-the-Middle Attack on 8-Round AES , 2008, FSE.

[35]  A. J. Menezes,et al.  Advances in Cryptology - CRYPTO 2007, 27th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2007, Proceedings , 2007, CRYPTO.

[36]  Joan Daemen,et al.  AES Proposal : Rijndael , 1998 .

[37]  Hüseyin Demirci,et al.  Improved Meet-in-the-Middle Attacks on AES , 2009, INDOCRYPT.

[38]  Mohammad Dakhilalian,et al.  Cryptanalysis of mCrypton - A lightweight block cipher for security of RFID tags and sensors , 2012, Int. J. Commun. Syst..

[39]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[40]  Jiazhe Chen,et al.  Low Data Complexity Attack on Reduced Camellia-256 , 2012, ACISP.