Meet-in-the-Middle Attacks on Reduced-Round Midori64

Midori is a lightweight block cipher designed by Banik et al. at ASIACRYPT 2015. One version of Midori uses a 64-bit state and another uses a 128-bit state; we denote these versions Midori-64 and Midori-128. Each version uses a 128-bit key. In this paper, we focus on key-recovery attacks on reduced-round Midori-64 using the meet-in-the-middle method. To attack Midori-64, we use the differential enumeration technique and the key-dependent sieve technique, both of which are popular in the analysis of AES. We propose a 6-round distinguisher and achieve a 10-round attack with time complexity of 2 10-round Midori-64 encryptions, data complexity of 2 chosen-plaintexts and memory complexity of 2 64-bit blocks. After that, by adding one round at the end, we get an 11-round attack with time complexity of 2 11-round Midori-64 encryptions, data complexity of 2 chosen-plaintexts and memory complexity of 2 64-bit blocks. Finally, with a 7-round distinguisher, we get an attack on 12-round Midori-64 with time complexity of 2 12-round Midori-64 encryptions, data complexity of 2 chosen-plaintexts and memory complexity of 2 64-bit blocks. To the best of our knowledge, this is currently the best attack on Midori-64.
