CryptoDB
Block Cipher Invariants as Eigenvectors of Correlation Matrices
| Authors: | |
|---|---|
| Download: | |
| Abstract: | A new approach to invariant subspaces and nonlinear invariants is developed. This results in both theoretical insights and practical attacks on block ciphers. It is shown that, with minor modifications to some of the round constants, Midori-64 has a nonlinear invariant with $$2^{96} + 2^{64}$$ 2 96 + 2 64 corresponding weak keys. Furthermore, this invariant corresponds to a linear hull with maximal correlation. By combining the new invariant with integral cryptanalysis, a practical key-recovery attack on ten rounds of unmodified Midori-64 is obtained. The attack works for $$2^{96}$$ 2 96 weak keys and irrespective of the choice of round constants. The data complexity is $$1.25 \cdot 2^{21}$$ 1.25 ยท 2 21 chosen plaintexts, and the computational cost is dominated by $$2^{56}$$ 2 56 block cipher calls. The validity of the attack is verified by means of experiments. |
BibTeX
@article{jofc-2020-30102,
title={Block Cipher Invariants as Eigenvectors of Correlation Matrices},
journal={Journal of Cryptology},
publisher={Springer},
doi={10.1007/s00145-020-09344-1},
author={Tim Beyne},
year=2020
}