International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Breaking HALFLOOP-24

Marcus Dansarie , Swedish Defence University, Stockholm, Sweden; University of Skövde, Skövde, Sweden
Patrick Derbez , Univ Rennes, Centre National de la Recherche Scientifique (CNRS), Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Rennes, France
Gregor Leander , Ruhr University Bochum, Bochum, Germany
Lukas Stennes , Ruhr University Bochum, Bochum, Germany
DOI: 10.46586/tosc.v2022.i3.217-238
Search ePrint
Search Google
Abstract: HALFLOOP-24 is a tweakable block cipher that is used to protect automatic link establishment messages in high frequency radio, a technology commonly used by government agencies and industries that need highly robust long-distance communications. We present the first public cryptanalysis of HALFLOOP-24 and show that HALFLOOP-24, despite its key size of 128 bits, is far from providing 128 bit security. More precisely, we give attacks for ciphertext-only, known-plaintext, chosen-plaintext and chosen-ciphertext scenarios. In terms of their complexities, most of them can be considered practical. However, in the real world, the amount of available data is too low for our attacks to work. Our strongest attack, a boomerang key-recovery, finds the first round key with less than 210 encryption and decryption queries. In conclusion, we strongly advise against using HALFLOOP-24.
  title={Breaking HALFLOOP-24},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universität Bochum},
  volume={2022, Issue 3},
  author={Marcus Dansarie and Patrick Derbez and Gregor Leander and Lukas Stennes},