Simplified Modeling of MITM Attacks for Block Ciphers: New (Quantum) Attacks

Authors

  • André Schrottenloher Univ Rennes, Inria, Centre National de la Recherche Scientifique (CNRS), Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Rennes, France
  • Marc Stevens Cryptology Group, Centrum Wiskunde Informatica (CWI), Amsterdam, The Netherlands

DOI:

https://doi.org/10.46586/tosc.v2023.i3.146-183

Keywords:

MITM Attacks, Key-recovery attacks, Quantum cryptanalysis, Preimage attacks, AES, Present

Abstract

The meet-in-the-middle (MITM) technique has led to many key-recovery attacks on block ciphers and preimage attacks on hash functions. Nowadays, cryptographers use automatic tools that reduce the search of MITM attacks to an optimization problem. Bao et al. (EUROCRYPT 2021) introduced a low-level modeling based on Mixed Integer Linear Programming (MILP) for MITM attacks on hash functions, which was extended to key-recovery attacks by Dong et al. (CRYPTO 2021). However, the modeling only covers AES-like designs. Schrottenloher and Stevens (CRYPTO 2022) proposed a different approach aiming at higher-level simplified models. However, this modeling was limited to cryptographic permutations.
In this paper, we extend the latter simplified modeling to also cover block ciphers with simple key schedules. The resulting modeling enables us to target a large array of primitives, typically lightweight SPN ciphers where the key schedule has a slow diffusion, or none at all. We give several applications such as full breaks of the PIPO-256 and FUTURE block ciphers, and reduced-round classical and quantum attacks on SATURNIN-Hash.

Published

2023-09-19

Issue

Section

Articles

How to Cite

Simplified Modeling of MITM Attacks for Block Ciphers: New (Quantum) Attacks. (2023). IACR Transactions on Symmetric Cryptology, 2023(3), 146-183. https://doi.org/10.46586/tosc.v2023.i3.146-183