
Conditional cube attack on round-reduced River Keyak

Designs, Codes and Cryptography

Abstract

This paper evaluates the security of River Keyak against cube-like attacks. River Keyak is the only lightweight instance of Keyak, the Keccak-permutation-based authenticated encryption cipher that is one of the 16 survivors of the third round of the CAESAR competition. Dinur et al. gave a seven-round cube-like attack on Lake Keyak (1600-bit state) using a divide-and-conquer method at EUROCRYPT 2015, and Huang et al. improved this to eight rounds with a new conditional cube attack at EUROCRYPT 2017. For River Keyak, however, the 800-bit state is so small that the equivalent key (256-bit capacity) occupies two lanes, so these attacks cannot be applied to River Keyak directly. In this paper, we comprehensively explore the conditional cube attack on the small-state (800-bit) River Keyak. First, we find a new conditional cube variable with much weaker diffusion than that of Huang et al., which makes the conditional cube attack possible for the 800-bit state of River Keyak. We then find enough cube variables for six- and seven-round River Keyak and launch key recovery attacks on six- and seven-round River Keyak with time complexity \(2^{33}\) and \(2^{49}\), respectively. We also verify the six- and seven-round attacks on a laptop. Finally, since it is difficult to find enough cube variables for an eight-round attack on an 800-bit state, we combine the linear structure technique with our new conditional cube variable, which greatly increases the degrees of freedom available for finding cube variables; with the variables obtained this way we launch an eight-round conditional cube attack with time complexity \(2^{81}\). These are the first cryptanalysis results on round-reduced River Keyak. Our attacks do not threaten the full-round (12) River Keyak.


References

  1. Aumasson J.P., Dinur I., Meier W., Shamir A.: Cube testers and key recovery attacks on reduced-round MD6 and Trivium. In: FSE 2009, LNCS, vol. 5665, pp. 1–22. Springer, Heidelberg (2009).

  2. Bertoni G., Daemen J., Peeters M., Van Assche G.: Keccak sponge function family. http://keccak.noekeon.org/.

  3. CAESAR: Competition for Authenticated Encryption: Security, Applicability, and Robustness. http://competitions.cr.yp.to/caesar.html.

  4. Chaigneau C., Fuhr T., Gilbert H., Jean J., Reinhard J.R.: Cryptanalysis of NORX v2.0. IACR Trans. Symmetric Cryptol. doi:10.13154/tosc.v2017.i1.156-174 (2017).

  5. Das S., Meier W.: Differential biases in reduced-round Keccak. In: AFRICACRYPT 2014, LNCS, vol. 8469, pp. 69–87. Springer, Heidelberg (2014).

  6. Daemen J., Van Assche G.: Differential propagation analysis of Keccak. In: FSE 2012, pp. 422–441. Springer, Heidelberg (2012).

  7. Dinur I., Shamir A.: Cube attacks on tweakable black box polynomials. In: EUROCRYPT 2009, LNCS, vol. 5479, pp. 278–299. Springer, Heidelberg (2009).

  8. Dinur I., Shamir A.: Breaking Grain-128 with dynamic cube attacks. In: FSE 2011, LNCS, vol. 6733, pp. 167–187. Springer, Heidelberg (2011).

  9. Dinur I., Morawiecki P., Pieprzyk J., Srebrny M., Straus M.: Cube attacks and cube-attack-like cryptanalysis on the round-reduced Keccak sponge function. In: EUROCRYPT 2015, Part I, LNCS, vol. 9056, pp. 733–761. Springer, Heidelberg (2015).

  10. Dong X., Li Z., Wang X., Qin L.: Cube-like attack on round-reduced initialization of Ketje Sr. IACR Trans. Symmetric Cryptol. doi:10.13154/tosc.v2017.i1 (2017).

  11. Fouque P.A., Vannet T.: Improving key recovery to 784 and 799 rounds of Trivium using optimized cube attacks. In: FSE 2013, LNCS, vol. 8424, pp. 502–517. Springer, Heidelberg (2014).

  12. Bertoni G., Daemen J., Peeters M., Van Assche G.: Keyak. http://keyak.noekeon.org.

  13. Bertoni G., Daemen J., Peeters M., Van Assche G.: The Keccak SHA-3 submission. Submission to NIST (Round 3) (2011).

  14. Guo J., Liu M., Song L.: Linear structures: applications to cryptanalysis of round-reduced Keccak. In: ASIACRYPT 2016, Part I, LNCS, vol. 10031, pp. 249–274. Springer, Heidelberg (2016).

  15. Huang S., Wang X., Xu G., Wang M., Zhao J.: Conditional cube attack on reduced-round Keccak sponge function. In: EUROCRYPT 2017, Part II, LNCS, vol. 10211, pp. 259–288. Springer, Heidelberg (2017).

  16. Li Z., Dong X., Wang X.: Conditional cube attack on round-reduced ASCON. IACR Trans. Symmetric Cryptol. doi:10.13154/tosc.v2017.i1 (2017).

  17. NIST FIPS.197: Advanced Encryption Standard (AES). http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf (2001).


Acknowledgements

This work is supported by China’s 973 Program (No. 2013CB834205), the National Key Research and Development Program of China (No. 2017YFA0303903), the National Natural Science Foundation of China (No. 61672019), the Fundamental Research Funds of Shandong University (No. 2016JC029).


Correspondence to Xiaoyang Dong or Xiaoyun Wang.

Additional information

Communicated by V. Rijmen.


Cite this article

Bi, W., Li, Z., Dong, X. et al. Conditional cube attack on round-reduced River Keyak. Des. Codes Cryptogr. 86, 1295–1310 (2018). https://doi.org/10.1007/s10623-017-0396-7
