## CryptoDB

### Paper: Cryptanalytic Time–Memory–Data Trade-offs for FX-Constructions and the Affine Equivalence Problem

Authors: Itai Dinur DOI: 10.1007/s00145-019-09332-0 Search ePrint Search Google The FX-construction was proposed in 1996 by Kilian and Rogaway as a generalization of the DESX scheme. The construction increases the security of an n -bit core block cipher with a $\kappa$ κ -bit key by using two additional n -bit masking keys. Recently, several concrete instances of the FX-construction were proposed, including PRINCE, PRIDE and MANTIS (presented at ASIACRYPT 2012, CRYPTO 2014 and CRYPTO 2016, respectively). In this paper, we devise new cryptanalytic time–memory–data trade-off attacks on FX-constructions. By fine-tuning the parameters to the recent FX-construction proposals, we show that the security margin of these ciphers against practical attacks is smaller than expected. Our techniques combine a special form of time–memory–data trade-offs, typically applied to stream ciphers, with a cryptanalytic technique by Fouque, Joux and Mavromati. In the final part of the paper, we show that the techniques we use in cryptanalysis of the FX-construction are applicable to additional schemes. In particular, we use related methods in order to devise new time–memory trade-offs for solving the affine equivalence problem. In this problem, the input consists of two functions $F,G: \{0,1\}^n \rightarrow \{0,1\}^n$ F , G : { 0 , 1 } n → { 0 , 1 } n , and the goal is to determine whether there exist invertible affine transformations $A_1,A_2$ A 1 , A 2 over $GF(2)^n$ G F ( 2 ) n such that $G = A_2 \circ F \circ A_1$ G = A 2 ∘ F ∘ A 1 .
##### BibTeX
@article{jofc-2019-30128,
title={Cryptanalytic Time–Memory–Data Trade-offs for FX-Constructions and the Affine Equivalence Problem},
journal={Journal of Cryptology},
publisher={Springer},
doi={10.1007/s00145-019-09332-0},
author={Itai Dinur},
year=2019
}