International Association for Cryptologic Research


IACR News item: 09 October 2015

Gaëtan Leurent
ePrint Report
In this work, we refine a partitioning technique recently proposed by Biham and Carmeli to improve the linear cryptanalysis of addition operations, and we propose an analogous improvement of the differential cryptanalysis of addition operations. These two techniques can reduce the data complexity of linear and differential attacks, at the cost of more processing time. Our technique can be seen as the analogue, for ARX ciphers, of partial key guess and partial decryption for SPN ciphers.

We show a first application of the generalized linear partitioning technique on FEAL-8X, revisiting the attack of Biham and Carmeli. We manage to reduce the data complexity from 2^14 to 2^12 known plaintexts, while the time complexity increases from 2^45 to 2^47.

Then, we use these techniques to analyze Chaskey, a recent MAC proposal by Mouha et al., that is being studied for standardisation by ISO and ITU-T. Chaskey uses an ARX structure very similar to SipHash. We use a differential-linear attack with improvements from the partitioning technique, combined with a convolution-based method to reduce the time complexity. This leads to an attack on 6 rounds with 2^25 data and 2^28.6 time (verified experimentally), and an attack on 7 rounds with 2^48 data and 2^67 time. These results show that the full version of Chaskey with 8 rounds has a rather small security margin.
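As an added illustration (not code from the paper), the toy script below shows the principle behind partitioning for modular addition that the abstract builds on: bit i of x + y equals x_i ⊕ y_i ⊕ c_i, and conditioning on the known bit pairs just below bit i fixes the carry c_i in most partitions, so each partition gets its own near-exact linear approximation while the number of partitions (and hence the processing work) doubles with every extra bit pair. The 8-bit word size, the target bit 7 and the "guess carry 0" fallback are assumptions of this example.

```python
# Added illustration of partitioning for modular addition z = x + y mod 2^n.
# z_i = x_i ^ y_i ^ c_i, where the carry c_i depends only on lower bits.
# Partitioning the data by the pairs (x_j, y_j) just below bit i lets each
# partition use a more accurate approximation of c_i.
from itertools import product

N = 8   # word size in bits (constructed toy parameter)
I = 7   # target output bit of the addition (assumption of the example)


def bit(v, j):
    return (v >> j) & 1


def predicted_carry(x, y, i, depth):
    """Predict the carry into bit i from the `depth` bit pairs below it.

    Walking down from bit i-1: if x_j == y_j, the carry into bit j+1 is
    exactly x_j, so the partition fixes the carry.  If x_j != y_j the carry
    propagates unchanged (c_{j+1} = c_j), so we look one bit lower.  After
    `depth` undecided pairs we fall back to guessing 0 (an assumption).
    """
    for j in range(i - 1, i - 1 - depth, -1):
        if j < 0:
            return 0                 # the carry into bit 0 is always 0
        if bit(x, j) == bit(y, j):
            return bit(x, j)
    return 0


def approximation_hits(depth, n=N, i=I):
    """Exhaustively count n-bit (x, y) pairs for which the partition-specific
    approximation z_i == x_i ^ y_i ^ predicted_carry(...) holds."""
    hits, mask = 0, (1 << n) - 1
    for x, y in product(range(1 << n), repeat=2):
        z = (x + y) & mask
        if bit(z, i) == bit(x, i) ^ bit(y, i) ^ predicted_carry(x, y, i, depth):
            hits += 1
    return hits


def bias(depth, n=N, i=I):
    """Bias of the approximation (probability minus 1/2) at a given depth."""
    return approximation_hits(depth, n, i) / (1 << (2 * n)) - 0.5


if __name__ == "__main__":
    for d in range(I + 1):
        # depth 0 is the plain approximation z_i = x_i ^ y_i; every extra
        # bit pair doubles the partition count and sharpens the bias
        print(f"depth {d}: {1 << d:3d} partitions, bias {bias(d):.4f}")
```

With depth 0 the approximation of bit 7 holds with bias only 1/256; at depth 1 (two partitions) the bias is already above 1/4, and at depth 7 every partition has an exact linear relation, which is the trade of data for processing time the abstract describes.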


Additional news items may be found on the IACR news page.