IACR News item: 09 October 2015
Gaëtan Leurent
ePrint Report
Biham and Carmeli to improve the linear cryptanalysis of addition
operations, and we propose an analogue improvement of differential
cryptanalysis of addition operations. These two techniques can reduce
the data complexity of linear and differential attacks, at the cost of
more processing time. Our technique can be seen as the analogue for ARX
ciphers of partial key guess and partial decryption for SPN ciphers.
We show a first application of the generalized linear partitioning
technique on FEAL-8X, revisiting the attack of Biham and Carmeli. We
manage to reduce the data complexity from 2^14 to 2^12 known plaintexts,
while the time complexity increases from 2^45 to 2^47.
Then, we use these techniques to analyze Chaskey, a recent MAC proposal
by Mouha et al., that is being studied for standardisation by ISO and
ITU-T. Chaskey uses an ARX structure very similar to SipHash. We use a
differential-linear attack with improvements from the partitioning
technique, combined with a convolution-based method to reduce the time
complexity. This leads to an attack on 6 rounds with 2^25 data and
2^28.6 time (verified experimentally), and an attack on 7 rounds with
2^48 data and 2^67 time. These results show that the full version of
Chaskey with 8 rounds has a rather small security margin.
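The partitioning idea that the abstract applies to the additions inside FEAL-8X and Chaskey can be seen on a single modular addition. The Python below is an added illustration written for this page, not code from the paper: it counts exhaustively, over a toy 8-bit addition z = x + y, how one linear approximation and one single-bit input difference behave on all data versus on a partition selected by low-order bits of the operands (the 8-bit word size and the particular partitions are my choices for the illustration, not the paper's).

```python
N = 8                      # toy word size; the argument is identical for 32-bit words
MASK = (1 << N) - 1

def bit(v, i):
    return (v >> i) & 1

def linear_correlation(i, partition=None):
    """Correlation of the approximation z[i] ^ x[i] ^ y[i] ^ x[i-1] = 0 for
    z = x + y mod 2^N, over all (x, y) pairs kept by `partition` (default: all).
    Returns (correlation, number_of_pairs)."""
    agree = total = 0
    for x in range(1 << N):
        for y in range(1 << N):
            if partition is not None and not partition(x, y):
                continue
            z = (x + y) & MASK
            total += 1
            agree += 1 - (bit(z, i) ^ bit(x, i) ^ bit(y, i) ^ bit(x, i - 1))
    return (2 * agree - total) / total, total

def differential_probability(i, target, partition=None):
    """Probability that flipping bit i of x changes z = x + y so that bits (i, i+1)
    of the output difference equal `target` (2-bit int, bit i in the low position)."""
    hits = total = 0
    for x in range(1 << N):
        for y in range(1 << N):
            if partition is not None and not partition(x, y):
                continue
            dz = ((x + y) ^ ((x ^ (1 << i)) + y)) & MASK
            total += 1
            hits += ((dz >> i) & 3) == target
    return hits / total, total

def carry_known(i):
    # Partition x[i-1] == y[i-1]: the carry into bit i is then exactly x[i-1],
    # whatever the lower bits are, so the linear approximation holds with certainty.
    return lambda x, y: bit(x, i - 1) == bit(y, i - 1)

def carry_diff_absorbed(i, absorbed=True):
    # Refine the partition with y[i]: the carry difference created by flipping
    # x[i] propagates to bit i+1 iff y[i] != carry[i], which is now decidable.
    return lambda x, y: carry_known(i)(x, y) and (bit(y, i) == bit(x, i - 1)) == absorbed

if __name__ == "__main__":
    i = 3
    print("linear, all data:       ", linear_correlation(i))                 # (0.5, 65536)
    print("linear, partition:      ", linear_correlation(i, carry_known(i)))  # (1.0, 32768)
    print("diff 2^i -> 2^i, all:   ", differential_probability(i, 0b01))      # (0.5, 65536)
    print("diff 2^i -> 2^i, part.: ", differential_probability(i, 0b01, carry_diff_absorbed(i)))
    print("diff 2^i -> 3*2^i, part.:", differential_probability(i, 0b11, carry_diff_absorbed(i, False)))
```

Keeping only the partition discards half (or three quarters) of the data but makes the approximation or the differential transition exact, which is the data-versus-time trade-off the abstract describes; the partitions here are the simplest ones and a real attack chooses them so that the kept fraction and the gained bias balance against the extra work.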