Meet-in-the-Middle Attacks on Reduced-Round Hierocrypt-3

  • Ahmed Abdelkhalek
  • Riham AlTawy
  • Mohamed Tolba
  • Amr M. Youssef
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9230)


Hierocrypt-3 is an SPN-based block cipher designed by Toshiba Corporation. It operates on a 128-bit state using a 128-, 192- or 256-bit key. In this paper, we present two meet-in-the-middle attacks in the single-key setting on 4-round reduced Hierocrypt-3 with a 256-bit key. The first attack is based on the differential enumeration approach, where we propose a truncated differential characteristic in the first 2.5 rounds and match a multiset of state differences at its output. The other attack is based on the original meet-in-the-middle attack strategy proposed by Demirci and Selçuk at FSE 2008 to attack reduced versions of both AES-192 and AES-256. For our attack based on differential enumeration, the master key is recovered with a data complexity of \(2^{113}\) chosen plaintexts, a time complexity of \(2^{238}\) 4-round reduced Hierocrypt-3 encryptions and a memory complexity of \(2^{218}\) 128-bit blocks. The data, time and memory complexities of our second attack are \(2^{32}\), \(2^{245}\) and \(2^{242}\), respectively. To the best of our knowledge, these are the first attacks on 4-round reduced Hierocrypt-3.


Keywords: Cryptanalysis, Hierocrypt-3, Meet-in-the-middle attack, Differential enumeration


  1. AlTawy, R., Youssef, A.M.: Preimage attacks on reduced-round Stribog. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT. LNCS, vol. 8469, pp. 109–125. Springer, Heidelberg (2014)
  2. AlTawy, R., Youssef, A.M.: Second preimage analysis of Whirlwind. In: Lin, D., Yung, M., Zhou, J. (eds.) Inscrypt 2014. LNCS, vol. 8957, pp. 311–328. Springer, Heidelberg (2015)
  3. AlTawy, R., Youssef, A.M.: Meet in the middle attacks on reduced round Kuznyechik. Cryptology ePrint Archive, Report 2015/096 (2015).
  4. AlTawy, R., Youssef, A.M.: Differential sieving for 2-step matching meet-in-the-middle attack with application to Lblock. In: Eisenbarth, T., Öztürk, E. (eds.) LightSec 2014. LNCS, vol. 8898, pp. 126–139. Springer, Heidelberg (2015)
  5. Barreto, P.S.L.M., Rijmen, V., Nakahara Jr, J., Preneel, B., Vandewalle, J., Kim, H.Y.: Improved SQUARE attacks against reduced-round HIEROCRYPT. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 165–173. Springer, Heidelberg (2002)
  6. Bogdanov, A., Khovratovich, D., Rechberger, C.: Biclique cryptanalysis of the full AES. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 344–371. Springer, Heidelberg (2011)
  7. Bogdanov, A., Rechberger, C.: A 3-subset meet-in-the-middle attack: cryptanalysis of the lightweight block cipher KTANTAN. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 229–240. Springer, Heidelberg (2011)
  8. Canteaut, A., Naya-Plasencia, M., Vayssière, B.: Sieve-in-the-middle: improved MITM attacks. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 222–240. Springer, Heidelberg (2013)
  9. CRYPTEC: e-Government candidate recommended ciphers list (2013).
  10. CRYPTEC: e-Government recommended ciphers list (2003).
  11. CRYPTEC: Specification on a block cipher: Hierocrypt-3.
  12. Daemen, J., Knudsen, L.R., Rijmen, V.: The block cipher SQUARE. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997)
  13. Demirci, H., Selçuk, A.A.: A meet-in-the-middle attack on 8-round AES. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 116–126. Springer, Heidelberg (2008)
  14. Demirci, H., Taşkın, I., Oban, M., Baysal, A.: Improved meet-in-the-middle attacks on AES. In: Roy, B., Sendrier, N. (eds.) INDOCRYPT 2009. LNCS, vol. 5922, pp. 144–156. Springer, Heidelberg (2009)
  15. Derbez, P., Fouque, P.-A., Jean, J.: Improved key recovery attacks on reduced-round AES in the single-key setting. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 371–387. Springer, Heidelberg (2013)
  16. Diffie, W., Hellman, M.E.: Special feature exhaustive cryptanalysis of the NBS Data Encryption Standard. Computer 10(6), 74–84 (1977)
  17. Dunkelman, O., Keller, N., Shamir, A.: Improved single-key attacks on 8-round AES-192 and AES-256. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 158–176. Springer, Heidelberg (2010)
  18. Hao, Y., Bai, D., Li, L.: A meet-in-the-middle attack on round-reduced mCrypton using the differential enumeration technique. In: Au, M.H., Carminati, B., Kuo, C.-C.J. (eds.) NSS 2014. LNCS, vol. 8792, pp. 166–183. Springer, Heidelberg (2014)
  19. Hong, D., Koo, B., Sasaki, Y.: Improved preimage attack for 68-step HAS-160. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 332–348. Springer, Heidelberg (2010)
  20. Cheon, J.H., Kim, M., Kim, K.: Impossible differential cryptanalysis of Hierocrypt-3 reduced to 3 rounds. NESSIE report (2002)
  21. Li, L., Jia, K., Wang, X.: Improved meet-in-the-middle attacks on AES-192 and PRINCE. Cryptology ePrint Archive, Report 2013/573 (2013).
  22. Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: The rebound attack: cryptanalysis of reduced Whirlpool and Grøstl. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 260–276. Springer, Heidelberg (2009)
  23. New European Schemes for Signatures, Integrity, and Encryption.
  24. Ohkuma, K., Muratani, H., Sano, F., Kawamura, S.: The block cipher Hierocrypt. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, p. 72. Springer, Heidelberg (2001)
  25. Rechberger, C.: Security evaluation of 128-bit block ciphers AES, CIPHERUNICORN-A, and Hierocrypt-3 against biclique attacks. CRYPTREC (2012)
  26. Sasaki, Y., Wang, L., Wu, S., Wu, W.: Investigating fundamental security requirements on Whirlpool: improved preimage and collision attacks. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 562–579. Springer, Heidelberg (2012)
  27. Furuya, S., Rijmen, V.: Observations on Hierocrypt-3/L1 key-scheduling algorithms. In: 2nd NESSIE Workshop (2001)
  28. Toshiba Corporation: Block cipher family Hierocrypt.

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Ahmed Abdelkhalek (1)
  • Riham AlTawy (1)
  • Mohamed Tolba (1)
  • Amr M. Youssef (1)

  1. Concordia Institute for Information Systems Engineering, Concordia University, Montréal, Canada
