International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Practical Key-Recovery Attack on MANTIS5

Authors:
Christoph Dobraunig , Graz University of Technology
Maria Eichlseder , Graz University of Technology
Daniel Kales , Graz University of Technology, Austria
Florian Mendel , IAIK, Graz University of Technology
Download:
DOI: 10.13154/tosc.v2016.i2.248-260
URL: http://tosc.iacr.org/index.php/ToSC/article/view/573
Search ePrint
Search Google
Abstract: MANTIS is a lightweight tweakable block cipher published at CRYPTO 2016. In addition to the full 14-round version, MANTIS7, the designers also propose an aggressive 10-round version, MANTIS5. The security claim for MANTIS5 is resistance against “practical attacks”, defined as related-tweak attacks with data complexity 2d less than 230 chosen plaintexts (or 240 known plaintexts), and computational complexity at most 2126−d. We present a key-recovery attack against MANTIS5 with 228 chosen plaintexts and a computational complexity of about 238 block cipher calls, which violates this claim. Our attack is based on a family of differential characteristics and exploits several properties of the lightweight round function and tweakey schedule. To verify the validity of the attack, we also provide a practical implementation which recovers the full key in about 1 core hour using 230 chosen plaintexts.
BibTeX
@article{tosc-2016-28120,
  title={Practical Key-Recovery Attack on MANTIS5},
  journal={IACR Trans. Symmetric Cryptol.},
  publisher={Ruhr-Universität Bochum},
  volume={2016, Issue 2},
  pages={248-260},
  url={http://tosc.iacr.org/index.php/ToSC/article/view/573},
  doi={10.13154/tosc.v2016.i2.248-260},
  author={Christoph Dobraunig and Maria Eichlseder and Daniel Kales and Florian Mendel},
  year=2016
}