CryptoDB
A More Practical Attack Against Yoroi
| Authors: | |
|---|---|
| Download: | |
| Abstract: | Yoroi is a family of space-hard block cipher proposed at TCHES 2021. This cipher contains two parts, a core part and an AES layer to prevent the blackbox adversary. At FSE 2023, Todo and Isobe proposed a code-lifting attack to recover the secret T-box in Yoroi, breaking the security claims of Yoroi. Their work shows that the AES layer is vulnerable in the whitebox model and has no contribution to the security in a hybrid of blackbox and whitebox model. Besides, their attack employs a strong hack model to modify and extract the table entries of the T-box. This hack model is suitable for the environment used by Yoroi while it is difficult to achieve in the practical application.In this paper, we present an attack on Yoroi within a more practical scenario. Compared with the previous attack, our attack is a chosen-plaintext-ciphertext attack in the blackbox phase and assumes that the whitebox attacker has reduced capabilities, as one only needs to extract the AES key without modifying or extracting the table entries. Furthermore, we introduce a family of equivalent representations of Yoroi, using this we can recover an equivalent cipher without any leaked information of table entries. As a result, the complexities of our attack remain almost the same as that of the previous attack. |
BibTeX
@article{tosc-2025-35398,
title={A More Practical Attack Against Yoroi},
journal={IACR Transactions on Symmetric Cryptology},
publisher={Ruhr-Universität Bochum},
volume={2025},
pages={357-379},
url={https://tosc.iacr.org/index.php/ToSC/article/view/12081},
doi={10.46586/tosc.v2025.i1.357-379},
author={Runhao Wei and Jinliang Wang and Haoyang Wang and Muzhou Li and Yunling Zhang and Meiqin Wang},
year=2025
}