A More Practical Attack Against Yoroi

Authors

  • Runhao Wei School of Cyber Science and Technology, Shandong University, Qingdao, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China; State Key Laboratory of Cryptography and Digital Economy Security, Shandong University, Qingdao, 266237, China
  • Jinliang Wang School of Cyber Science and Technology, Shandong University, Qingdao, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China; State Key Laboratory of Cryptography and Digital Economy Security, Shandong University, Qingdao, 266237, China
  • Haoyang Wang Shanghai Jiao Tong University, Shanghai, China
  • Muzhou Li School of Cyber Science and Technology, Shandong University, Qingdao, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China; State Key Laboratory of Cryptography and Digital Economy Security, Shandong University, Qingdao, 266237, China
  • Yunling Zhang CHECC Data Co., Ltd., Beijing, China
  • Meiqin Wang Quan Cheng Shandong Laboratory, Jinan, China; School of Cyber Science and Technology, Shandong University, Qingdao, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China; State Key Laboratory of Cryptography and Digital Economy Security, Shandong University, Qingdao, 266237, China

DOI:

https://doi.org/10.46586/tosc.v2025.i1.357-379

Keywords:

Whitebox cryptography, Space-hard, Cryptanalysis, Yoroi

Abstract

Yoroi is a family of space-hard block cipher proposed at TCHES 2021. This cipher contains two parts, a core part and an AES layer to prevent the blackbox adversary. At FSE 2023, Todo and Isobe proposed a code-lifting attack to recover the secret T-box in Yoroi, breaking the security claims of Yoroi. Their work shows that the AES layer is vulnerable in the whitebox model and has no contribution to the security in a hybrid of blackbox and whitebox model. Besides, their attack employs a strong hack model to modify and extract the table entries of the T-box. This hack model is suitable for the environment used by Yoroi while it is difficult to achieve in the practical application.
In this paper, we present an attack on Yoroi within a more practical scenario. Compared with the previous attack, our attack is a chosen-plaintext-ciphertext attack in the blackbox phase and assumes that the whitebox attacker has reduced capabilities, as one only needs to extract the AES key without modifying or extracting the table entries. Furthermore, we introduce a family of equivalent representations of Yoroi, using this we can recover an equivalent cipher without any leaked information of table entries. As a result, the complexities of our attack remain almost the same as that of the previous attack.

Downloads

Published

2025-03-07

Issue

Vol. 2025 No. 1

Section

Articles

License

Copyright (c) 2025 Runhao Wei, Jinliang Wang, Haoyang Wang, Muzhou Li, Yunling Zhang, Meiqin Wang

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

Wei, R., Wang, J., Wang, H., Li, M., Zhang, Y., & Wang, M. (2025). A More Practical Attack Against Yoroi. IACR Transactions on Symmetric Cryptology, 2025(1), 357-379. https://doi.org/10.46586/tosc.v2025.i1.357-379