International Association for Cryptologic Research

IACR News item: 28 January 2016

Shahram Rasoolzadeh, Håvard Raddum
ePrint Report
KATAN and KTANTAN are two lightweight families of hardware-oriented block ciphers proposed by Cannière et al. at CHES 2009. They have different versions of 32-, 48- and 64-bit state, all of which work with an 80-bit key. Inspired by the Trivium stream cipher, these families have an innovative structure based on two non-linear feedback shift registers. Such a structure attracts the attention of cryptanalysts and consequently a variety of security analyses have been published. Although the KTANTAN family is already regarded as a broken cipher, the full-round KATAN family is still secure.

In this paper, by exploiting several properties of the KATAN round function as well as the slow diffusion of key bits, we propose some techniques to extend the number of rounds covered by the multidimensional meet-in-the-middle attack on all versions of the KATAN family of block ciphers. Our results show that this method can attack up to 206, 148 and 129 reduced-round versions of KATAN32, KATAN48 and KATAN64, respectively, with only 2 or 3 pairs of known plaintext. This cryptanalysis covers the highest number of rounds to date.

Our work is still far from a full-round attack, so it could not be considered as a threat to this family of block ciphers yet. We state that KATAN is still safe to use.