Deoxys-BC is the internal tweakable block cipher of Deoxys, a third-round authenticated encryption candidate at the CAESAR competition. In this study, by adequately studying the tweakey schedule, we seek a six-round related-tweakey impossible distinguisher of Deoxys-BC-256, which is transformed from a 3.5-round single-key impossible distinguisher of AES, by application of the mixed integer linear programming (MILP) method. We present a detailed description of this interesting transformation method and the MILPmodeling process. Based on this distinguisher, we mount a key-recovery attack on 10 (out of 14) rounds of Deoxys-BC-256. Compared to previous results that are valid only when the key size > 204 and the tweak size < 52, our method can attack 10-round Deoxys-BC-256 as long as the key size > 174 and the tweak size 6 82. For the popular setting in which the key size is 192 bits, we can attack one round more than previous studies. Note that this paper only gives a more accurate security evaluation and does not threaten the security of full-round Deoxys-BC-256.
This is a preview of subscription content, access via your institution.
Buy single article
Instant access to the full article PDF.
Tax calculation will be finalised during checkout.
Jean J, Nikolić I, Peyrin T, et al. Deoxys v1.41. 2016. http://competitions.cr.yp.to/round3/deoxysv141.pdf
Daemen J, Rijmen V. The design of rijndael. In: AES - the Advanced Encryption Standard. Berlin: Springer, 2002
Liskov M, Rivest R L, Wagner D. Tweakable block ciphers. J Cryptol, 2011, 24: 588–613
Beierle C, Jean J, Kölbl S, et al. The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Advances in Cryptology - CRYPTO 2016. Berlin: Springer, 2016. 123–153
Borghoff J, Canteaut A, Gneysu T, et al. PRINCE - a low-latency block cipher for pervasive computing applications. In: Advances in Cryptology - ASIACRYPT 2012. Berlin: Springer, 2012. 208–225
Avanzi R. The QARMA block cipher family - almost MDS matrices over rings with zero divisors, nearly symmetric Even-Mansour constructions with non-involutory central rounds, and search heuristics for low-latency S-Boxes. IACR Trans Symmetric Cryptol, 2017, 1: 4–44
Jean J, Nikolić I, Peyrin T. Tweaks and keys for block ciphers: The TWEAKEY framework. In: Advances in Cryptology - ASIACRYPT 2014. Berlin: Springer, 2014. 274–288
Cid C, Huang T, Peyrin T, et al. A security analysis of Deoxys and its internal tweakable block cphers. IACR Trans Symmetric Cryptol, 2017, 3: 73–107
Ankele R, Banik S, Chakraborti A, et al. Related-key impossible-differential attack on reduced-round SKINNY. In: Applied Cryptography and Network Security - ACNS 2017. Berlin: Springer, 2017. 208–228
Bellare M, Hoang V, Tessaro S. Message-recovery attacks on Feistel-based format preserving encryption. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Seucrity, Vienna, 2016. 444–455
Derbez P, Fouque P-A, Jean J. Improved key recovery attacks on reduced-round AES in the single-key setting. In: Advances in Cryptology - EUROCRYPT 2013. Berlin: Springer, 2013. 371–387
Biham E, Keller N. Cryptanalysis of reduced variants of Rijndael. In: Prcoeedings of the 3rd AES Candidate Conference, New York, 2000
Mouha N, Wang Q J, Gu D W, et al. Differential and linear cryptanalysis using mixed-integer linear programming. In: Proceedings of the 7th International Conference on Information Security and Cryptology, Beijing, 2011. 57–76
Wu S B, Wang M S. Security evaluation against differential cryptanalysis for block cipher structures. https://eprint.iacr.org/2011/551
Sun S W, Hu L, Wang P, et al. Automatic security evaluation and (related-key) differential characteristic search: Application to SIMON, PRESENT, LBlock, DES(L) and other bit-oriented block ciphers. In: Advances in Cryptology - ASIACRYPT 2014. Berlin: Springer, 2014. 158–178
Sun S W, Hu L, Song L, et al. Automatic security evaluation of block ciphers with S-bP structures against related-key differential attacks. In: Proceedings of International Conference on Information Security and Cryptology. Berlin: Springer, 2013. 39–51
Sun S W, Hu L, Wang M Q, et al. Towards finding the best characteristics of some bit-oriented blcok ciphers and automatic enumeration of (related-key) differential and linear characteristics with predefined properties. https://eprint.iacr.org/2014/747
Fu K, Wang M Q, Guo Y H, et al. MILP-based automatic search algorithms for differential and linear trails for Speck. In: Fast Software Encryption - FSE 2016. Berlin: Springer, 2016. 268–288
Sasaki Y, Todo Y. New impossible differential search tool from design and cryptanalysis aspects. In: Advances in Cryptology - EUROCRYPT 2017. Berlin: Springer, 2017. 185–215
Cui T T, Jia K T, Fu K, et al. New automatic search tool for impossible differentials and zero-correlation linear approximations. http://eprint.iacr.org/2016/689
This work was supported by National Key Research and Development Program of China (Grant No. 2017YFA0303903), National Natural Science Foundation of China (Grant No. 61672019), National Cryptography Development Fund (Grant No. MMJJ20170121), Zhejiang Province Key R&D Project (Grant No. 2017C01062), Fundamental Research Funds of Shandong University (Grant No. 2016JC029), and China Postdoctoral Science Foundation (Grant No. 2017M620807).
About this article
Cite this article
Zong, R., Dong, X. & Wang, X. Related-tweakey impossible differential attack on reduced-round Deoxys-BC-256. Sci. China Inf. Sci. 62, 32102 (2019). https://doi.org/10.1007/s11432-017-9382-2
- related-tweakey impossible differential attack
- tweakable block cipher
- tweakey schedule