A Note on Related-Tweakey Impossible Differential Attacks

CryptoDB

A Note on Related-Tweakey Impossible Differential Attacks

Authors:	Xavier Bonnetain , Université de Lorraine, CNRS, Inria, LORIA Virginie Lallemand , Université de Lorraine, CNRS, Inria, LORIA
Download:	DOI: 10.62056/abbn-4c2h URL: https://cic.iacr.org//p/1/3/27 Search ePrint Search Google
Abstract:	In this note we review the technique proposed at ToSC 2018 by Sadeghi et al. for attacks built upon several related-tweakey impossible differential trails. We show that the initial encryption queries are improper and lead the authors to misevaluate a filtering value in the key recovery phase. We identified 4 other papers (from Eurocrypt, DCC, and 2 from ToSC) that follow on the results of Sadeghi et al. and in three of them the flawed technique was reused. We thus present a careful analysis of these types of attacks and give generic complexity formulas similar to the ones proposed by Boura et al. at Asiacrypt 2014. We apply these to the aforementioned papers and provide patched versions of their attacks. The main consequence is an increase in the memory complexity. We show that in many cases (a notable exception being quantum impossible differentials) it is possible to recover the numeric time estimates of the flawed analysis, and in all cases we were able to build a correct attack reaching the same number of rounds.

Authors:

Xavier Bonnetain , Université de Lorraine, CNRS, Inria, LORIA
Virginie Lallemand , Université de Lorraine, CNRS, Inria, LORIA

Download:

DOI: 10.62056/abbn-4c2h

URL: https://cic.iacr.org//p/1/3/27

Search ePrint

Search Google

Abstract:

In this note we review the technique proposed at ToSC 2018 by Sadeghi et al. for attacks built upon several related-tweakey impossible differential trails. We show that the initial encryption queries are improper and lead the authors to misevaluate a filtering value in the key recovery phase. We identified 4 other papers (from Eurocrypt, DCC, and 2 from ToSC) that follow on the results of Sadeghi et al. and in three of them the flawed technique was reused.
We thus present a careful analysis of these types of attacks and give generic complexity formulas similar to the ones proposed by Boura et al. at Asiacrypt 2014. We apply these to the aforementioned papers and provide patched versions of their attacks. The main consequence is an increase in the memory complexity. We show that in many cases (a notable exception being quantum impossible differentials) it is possible to recover the numeric time estimates of the flawed analysis, and in all cases we were able to build a correct attack reaching the same number of rounds. 

BibTeX

@article{cic-2024-34838,
  title={A Note on Related-Tweakey Impossible Differential Attacks},
  journal={cic},
  publisher={International Association for Cryptologic Research},
  volume={1, Issue 3},
  url={https://cic.iacr.org//p/1/3/27},
  doi={10.62056/abbn-4c2h},
  author={Xavier Bonnetain and Virginie Lallemand},
  year=2024
}

International Association for Cryptologic Research

International Associationfor Cryptologic Research

CryptoDB

A Note on Related-Tweakey Impossible Differential Attacks

BibTeX

International Association
for Cryptologic Research