International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Multiset-Algebraic Cryptanalysis of Reduced Kuznyechik, Khazad, and secret SPNs

Authors:
Alex Biryukov , SnT, CSC, University of Luxembourg
Dmitry Khovratovich , University of Luxembourg
Léo Perrin , SnT, University of Luxembourg
Download:
DOI: 10.13154/tosc.v2016.i2.226-247
URL: http://tosc.iacr.org/index.php/ToSC/article/view/572
Search ePrint
Search Google
Abstract: We devise the first closed formula for the number of rounds of a blockcipher with secret components so that these components can be revealed using multiset, algebraic-degree, or division-integral properties, which in this case are equivalent. Using the new result, we attack 7 (out of 9) rounds of Kuznyechik, the recent Russian blockcipher standard, thus halving its security margin. With the same technique we attack 6 (out of 8) rounds of Khazad, the legacy 64-bit blockcipher. Finally, we show how to cryptanalyze and find a decomposition of generic SPN construction for which the inner-components are secret. All the attacks are the best to date.
BibTeX
@article{tosc-2016-28127,
  title={Multiset-Algebraic Cryptanalysis of Reduced Kuznyechik, Khazad, and secret SPNs},
  journal={IACR Trans. Symmetric Cryptol.},
  publisher={Ruhr-Universität Bochum},
  volume={2016, Issue 2},
  pages={226-247},
  url={http://tosc.iacr.org/index.php/ToSC/article/view/572},
  doi={10.13154/tosc.v2016.i2.226-247},
  author={Alex Biryukov and Dmitry Khovratovich and Léo Perrin},
  year=2016
}