International Association for Cryptologic Research

International Association
for Cryptologic Research


Differential Meet-In-The-Middle Cryptanalysis

María Naya-Plasencia , Inria, France
Christina Boura , Université Paris-Saclay, UVSQ, CNRS, Laboratoire de mathématiques de Versailles, 78000, Versailles, France
Nicolas David , Inria, France
Patrick Derbez , Univ Rennes, Inria, CNRS, IRISA, France
Gregor Leander , Ruhr University Bochum, Bochum, Germany
DOI: 10.1007/978-3-031-38548-3_9 (login may be required)
Search ePrint
Search Google
Presentation: Slides
Conference: CRYPTO 2023
Abstract: In this paper we introduce the differential meet-in-the-middle framework, a new cryptanalysis technique for symmetric primitives. Our new cryptanalysis method combines techniques from both meet-in-the-middle and differential cryptanalysis. As such, the introduced technique can be seen as a way of extending meet-in-the-middle attacks and their variants but also as a new way to perform the key recovery part in differential attacks. We apply our approach to SKINNY-128-384 in the single key model and to AES-256 in the related-key model. Our attack on SKINNY-128-384 permits to break 25 out of the 56 rounds of this variant and improves by two rounds the previous best known attacks. For AES-256 we attack 12 rounds by considering two related keys, thus outperforming the previous best related-key attack on AES-256 with only two related keys by 2 rounds.
  title={Differential Meet-In-The-Middle Cryptanalysis},
  author={María Naya-Plasencia and Christina Boura and Nicolas David and Patrick Derbez and Gregor Leander},