International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Cryptanalysis Results on Spook: Bringing Full-round Shadow-512 to the Light

Authors:
Patrick Derbez , Univ Rennes, CNRS, IRISA, France
Paul Huynh , Université de Lorraine, CNRS, Inria, LORIA, France
Virginie Lallemand , Université de Lorraine, CNRS, Inria, LORIA, France
Maria Naya-Plasencia , Inria, Paris, France
Léo Perrin , Inria, Paris, France
André Schrottenloher , Inria, Paris, France
Download:
DOI: 10.1007/978-3-030-56877-1_13 (login may be required)
Search ePrint
Search Google
Presentation: Slides
Conference: CRYPTO 2020
Abstract: Spook is one of the 32 candidates that has made it to the second round of the NIST Lightweight Cryptography Standardization process, and is particularly interesting since it proposes differential side channel resistance. In this paper, we present practical distinguishers of the full 6-step version of the underlying permutations of Spook, namely Shadow-512 and Shadow-384, solving challenges proposed by the designers on the permutation. We also propose practical forgeries with 4-step Shadow for the S1P mode of operation in the nonce misuse scenario, which is allowed by the CIML2 security game considered by the authors. All the results presented in this paper have been implemented.
Video from CRYPTO 2020
BibTeX
@inproceedings{crypto-2020-30363,
  title={Cryptanalysis Results on Spook: Bringing Full-round Shadow-512 to the Light},
  publisher={Springer-Verlag},
  doi={10.1007/978-3-030-56877-1_13},
  author={Patrick Derbez and Paul Huynh and Virginie Lallemand and Maria Naya-Plasencia and Léo Perrin and André Schrottenloher},
  year=2020
}