Distinguishing and key recovery attacks on the reduced-round SNOW-V and SNOW-Vi

2022, Vol 65, pp. 103100
Author(s): Jin Hoki, Takanori Isobe, Ryoma Ito, Fukang Liu, Kosei Sakamoto

Cybersecurity, 2021, Vol 4 (1)
Author(s): Wenqin Cao, Wentao Zhang

Abstract: For block ciphers, Bogdanov et al. found that there are some linear approximations whose biases are deterministically invariant under key difference. This property is called key difference invariant bias. Based on this property, Bogdanov et al. proposed a related-key statistical distinguisher and turned it into key-recovery attacks on LBlock and TWINE-128. In this paper, we propose a new related-key model by combining multidimensional linear cryptanalysis with key difference invariant bias. The main theoretical advantage is that our new model does not depend on statistical independence of linear approximations. We demonstrate our cryptanalysis technique by performing key recovery attacks on LBlock and TWINE-128. We use the relations of the involved round keys to reduce the number of guessed subkey bits. Moreover, the partial-compression technique is used to reduce the time complexity. We can recover the master key of LBlock up to 25 rounds with about $2^{60.4}$ distinct known plaintexts, $2^{78.85}$ time complexity and $2^{61}$ bytes of memory requirements. Our attack can recover the master key of TWINE-128 up to 28 rounds with about $2^{61.5}$ distinct known plaintexts, $2^{126.15}$ time complexity and $2^{61}$ bytes of memory requirements. The results are the currently best ones on cryptanalysis of LBlock and TWINE-128.


2019, Vol 11 (01), pp. 1950003
Author(s): Koichiro Akiyama, Shuhei Nakamura, Masaru Ito, Noriko Hirata-Kohno

In this paper, we propose a key exchange protocol using multivariate polynomial maps whose security relies on the hardness of finding a solution to a certain system of nonlinear polynomial equations. Under the hardness assumption of solving the system of equations, we prove that our protocol is secure against key recovery attacks by passive attackers if the protocol is established honestly.

