Cryptography and Communications

, Volume 6, Issue 4, pp 313–333 | Cite as

Multidimensional meet-in-the-middle attack and its applications to KATAN32/48/64

  • Bo ZhuEmail author
  • Guang Gong


This paper investigates a new framework to analyze symmetric ciphers by guessing intermediate states and dividing algorithms into consecutive sub-ciphers. It is suitable for lightweight ciphers with simple key schedules and block sizes smaller than key lengths. New attacks on the block cipher family KATAN are proposed by adopting this framework. Our new attacks can recover the master keys of 175-round KATAN32, 130-round KATAN48 and 112-round KATAN64 faster than exhaustive search, and thus reach many more rounds than previous attacks. We also provide new attacks on 115-round KATAN32 and 100-round KATAN48 in order to demonstrate this new kind of attacks can be more time-efficient and memory-efficient than existing attacks.


Multidimensional Meet-in-the-middle Cryptanalysis KATAN 

Mathematics Subject Classifications (2010)

94A60 Cryptography 



The authors would like to thank Claude Carlet, Itai Dinur, Xinxin Fan, Yin Tan, and anonymous reviewers for helpful comments. This work is supported by NSERC Discovery Grant and ORF Grant.


  1. 1.
    Albrecht, M.R., Leander, G.: An all-in-one approach to differential cryptanalysis for small block ciphers. In: Knudsen, L.R., Wu, H. (eds.) Selected Areas in Cryptography. Lecture Notes in Computer Science, vol. 7707, pp. 1–15. Springer (2012)Google Scholar
  2. 2.
    Aoki, K., Sasaki, Y.: Meet-in-the-middle preimage attacks against reduced SHA-0 and SHA-1. In: Halevi, S. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 5677, pp. 70–89. Springer (2009)Google Scholar
  3. 3.
    Bogdanov, A., Khovratovich, D., Rechberger, C.: Biclique cryptanalysis of the full AES. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT. Lecture Notes in Computer Science, vol. 7073, pp. 344–371. Springer (2011)Google Scholar
  4. 4.
    Bogdanov, A., Rechberger, C.: A 3-subset meet-in-the-middle attack: cryptanalysis of the lightweight block cipher KTANTAN. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) Selected Areas in Cryptography. Lecture Notes in Computer Science, vol. 6544, pp. 229–240. Springer (2010)Google Scholar
  5. 5.
    Cannière, C.D., Dunkelman, O., Knezevic, M.: KATAN and KTANTAN - a family of small and efficient hardware-oriented block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES. Lecture Notes in Computer Science, vol. 5747, pp. 272–288. Springer (2009)Google Scholar
  6. 6.
    Courtois, N.T.: Algebraic complexity reduction and cryptanalysis of GOST (2011).
  7. 7.
    Diffie, W., Hellman, M.: Exhaustive cryptanalysis of the NBS data encryption standard. Computer 10 (6), 74–84 (1977)CrossRefGoogle Scholar
  8. 8.
    Dinur, I., Dunkelman, O., Keller, N., Shamir, A.: Efficient dissection of composite problems, with applications to cryptanalysis, knapsacks, and combinatorial search problems In: Advances in Cryptology - Crypto 2012. Lecture Notes in Computer Science, vol. 7417, pp. 719–740. Springer (2012)Google Scholar
  9. 9.
    Dinur, I., Dunkelman, O., Shamir, A.: Improved attacks on full GOST. In: Canteaut, A. (ed.) FSE. Lecture Notes in Computer Science, vol. 7549, pp. 9–28. Springer (2012)Google Scholar
  10. 10.
    Engels, D. W., Saarinen, M.-J.O., Schweitzer, P., Smith, E. M.: The Hummingbird-2 lightweight authenticated encryption algorithm. In: Juels, A., Paar, C. (eds.) RFIDSec. Lecture Notes in Computer Science, vol. 7055, pp. 19–31. Springer (2011)Google Scholar
  11. 11.
    Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.J.B.: The LED block cipher. In: Preneel, B., Takagi, T. (eds.) CHES. Lecture notes in computer science, vol. 6917, pp. 326–341. Springer (2011)Google Scholar
  12. 12.
    Isobe, T.: A single-key attack on the full GOST block cipher. In: Joux, A. (ed.) Fast Software Encryption. Lecture Notes in Computer Science, vol. 6733, pp. 290–305. Springer (2011)Google Scholar
  13. 13.
    Isobe, T., Shibutani, K.: Improved All-Subkeys Recovery Attacks on FOX, KATAN and SHACAL-2 block ciphers (2014). To appear at FSEGoogle Scholar
  14. 14.
    Isobe, T., Shibutani, K.: All subkeys recovery attack on block ciphers: Extending meet-in-the-middle approach. In: Knudsen, L.R., Wu, H. (eds.) Selected Areas in Cryptography. Lecture Notes in Computer Science, vol. 7707, pp. 202–221. Springer (2012)Google Scholar
  15. 15.
    Khovratovich, D., Leurent, G., Rechberger, C.: Narrow-bicliques: Cryptanalysis of full IDEA. In: Pointcheval, D., Johansson, T. (eds.) Advances in Cryptology EUROCRYPT 2012. Lecture Notes in Computer Science, vol. 7237, pp. 392–410. Springer, Berlin / Heidelberg (2012)Google Scholar
  16. 16.
    Knudsen, L.R., Leander, G., Poschmann, A., Robshaw, M.J.B.: PRINTcipher: a block cipher for IC-Printing. In: Mangard, S., Standaert, F.-X. (eds.) CHES. Lecture Notes in Computer Science, vol. 6225, pp. 16–32. Springer (2010)Google Scholar
  17. 17.
    Luo, Y., Chai, Q., Gong, G., Lai, X.: A lightweight stream cipher WG-7 for RFID encryption and authentication. In: GLOBECOM, pp. 1–6. IEEE (2010)Google Scholar
  18. 18.
    Sasaki, Y., Aoki, K.: Finding preimages in full MD5 faster than exhaustive search. In: Joux, A. (ed.) EUROCRYPT. Lecture Notes in Computer Science, vol. 5479, pp. 134–152. Springer (2009)Google Scholar
  19. 19.
    Wei, L., Rechberger, C., Guo, J., Wu, H., Wang, H., Ling, S.: Improved meet-in-the-middle cryptanalysis of KTANTAN (poster). In: Parampalli, U., Hawkes, P. (eds.) ACISP. Lecture Notes in Computer Science, vol. 6812, pp. 433–438. Springer (2011)Google Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  1. 1.University of WaterlooWaterlooCanada

Personalised recommendations