Meet-in-the-Middle Attacks on Reduced-Round Hierocrypt-3

  • Ahmed Abdelkhalek
  • Riham AlTawy
  • Mohamed Tolba
  • Amr M. Youssef
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9230)

Abstract

Hierocrypt-3 is an SPN-based block cipher designed by Toshiba Corporation. It operates on 128-bit state using either 128, 192 or 256-bit key. In this paper, we present two meet-in-the-middle attacks in the single-key setting on the 4-round reduced Hierocrypt-3 with 256-bit key. The first attack is based on the differential enumeration approach where we propose a truncated differential characteristic in the first 2.5 rounds and match a multiset of state differences at its output. The other attack is based on the original meet-in-the-middle attack strategy proposed by Demirci and Selçuk at FSE 2008 to attack reduced versions of both AES-192 and AES-256. For our attack based on the differential enumeration, the master key is recovered with data complexity of \(2^{113}\) chosen plaintexts, time complexity of \(2^{238}\) 4-round reduced Hierocrypt-3 encryptions and memory complexity of \(2^{218}\) 128-bit blocks. The data, time and memory complexities of our second attack are \(2^{32}\), \(2^{245}\) and \(2^{242}\), respectively. To the best of our knowledge, these are the first attacks on 4-round reduced Hierocrypt-3.

Keywords

Cryptanalysis Hierocrypt-3 Meet-in-the-middle attack Differential enumeration 

References

  1. 1.
    AlTawy, R., Youssef, A.M.: Preimage attacks on reduced-round Stribog. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT. LNCS, vol. 8469, pp. 109–125. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  2. 2.
    AlTawy, R., Youssef, A.M.: Second preimage analysis of Whirlwind. In: Lin, D., Yung, M., Zhou, J. (eds.) Inscrypt 2014. LNCS, vol. 8957, pp. 311–328. Springer, Heidelberg (2015) Google Scholar
  3. 3.
    AlTawy, R., Youssef, A.M.: Meet in the middle attacks on reduced round Kuznyechik. Cryptology ePrint Archive, Report 2015/096 (2015). http://eprint.iacr.org/
  4. 4.
    AlTawy, R., Youssef, A.M.: Differential sieving for 2-step matching meet-in-the-middle attack with application to Lblock. In: Eisenbarth, T., Öztürk, E. (eds.) LightSec 2014. LNCS, vol. 8898, pp. 126–139. Springer, Heidelberg (2015) Google Scholar
  5. 5.
    Barreto, P.S.L.M., Rijmen, V., Nakahara Jr, J., Preneel, B., Vandewalle, J., Kim, H.Y.: Improved SQUARE attacks against reduced-round HIEROCRYPT. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 165–173. Springer, Heidelberg (2002) CrossRefGoogle Scholar
  6. 6.
    Bogdanov, A., Khovratovich, D., Rechberger, C.: Biclique cryptanalysis of the full AES. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 344–371. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  7. 7.
    Bogdanov, A., Rechberger, C.: A 3-subset meet-in-the-middle attack: cryptanalysis of the lightweight block cipher KTANTAN. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 229–240. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  8. 8.
    Canteaut, A., Naya-Plasencia, M., Vayssière, B.: Sieve-in-the-middle: improved MITM attacks. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 222–240. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  9. 9.
    CRYPTEC: e-Government candidate recommended ciphers list (2013). http://www.cryptrec.go.jp/english/method.html
  10. 10.
    CRYPTEC: e-Government recommended ciphers list (2003). http://www.cryptrec.go.jp/english/images/cryptrec_01en.pdf
  11. 11.
    CRYPTEC: Specification on a block cipher: Hierocrypt-3. http://www.cryptrec.go.jp/cryptrec_03_spec_cypherlist_files/PDF/08_02espec.pdf
  12. 12.
    Daemen, J., Knudsen, L.R., Rijmen, V.: The block cipher SQUARE. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997) CrossRefGoogle Scholar
  13. 13.
    Demirci, H., Selçuk, A.A.: A meet-in-the-middle attack on 8-round AES. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 116–126. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  14. 14.
    Demirci, H., Taşkın, I., Oban, M., Baysal, A.: Improved meet-in-the-middle attacks on AES. In: Roy, B., Sendrier, N. (eds.) INDOCRYPT 2009. LNCS, vol. 5922, pp. 144–156. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  15. 15.
    Derbez, P., Fouque, P.-A., Jean, J.: Improved key recovery attacks on reduced-round AES in the single-key setting. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 371–387. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  16. 16.
    Diffie, W., Hellman, M.E.: Special feature exhaustive cryptanalysis of the NBS Data Encryption Standard. Computer 10(6), 74–84 (1977)CrossRefGoogle Scholar
  17. 17.
    Dunkelman, O., Keller, N., Shamir, A.: Improved single-key attacks on 8-round AES-192 and AES-256. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 158–176. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  18. 18.
    Hao, Y., Bai, D., Li, L.: A meet-in-the-middle attack on round-reduced mCrypton using the differential enumeration technique. In: Au, M.H., Carminati, B., Kuo, C.-C.J. (eds.) NSS 2014. LNCS, vol. 8792, pp. 166–183. Springer, Heidelberg (2014) Google Scholar
  19. 19.
    Hong, D., Koo, B., Sasaki, Y.: Improved preimage attack for 68-step HAS-160. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 332–348. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  20. 20.
    Cheon, J.H., Kim, M., Kim, K.: Impossible differential cryptanalysis of Hierocrypt-3 reduced to 3 rounds. NESSIE report (2002)Google Scholar
  21. 21.
    Li, L., Jia, K., Wang, X.: Improved meet-in-the-middle attacks on AES-192 and PRINCE. Cryptology ePrint Archive, Report 2013/573 (2013). http://eprint.iacr.org/
  22. 22.
    Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: The rebound attack: cryptanalysis of reduced Whirlpool and Grøstl. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 260–276. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  23. 23.
    New European Schemes for Signatures, Integrity, and Encryption. https://www.cosic.esat.kuleuven.be/nessie
  24. 24.
    Ohkuma, K., Muratani, H., Sano, F., Kawamura, S.: The block cipher Hierocrypt. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, p. 72. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  25. 25.
    Rechberger, C.: Security evaluation of 128-bit block ciphers AES, CIPHERUNICORN-A, and Hierocrypt-3 against biclique attacks. CRYPTREC (2012)Google Scholar
  26. 26.
    Sasaki, Y., Wang, L., Wu, S., Wu, W.: Investigating fundamental security requirements on Whirlpool: improved preimage and collision attacks. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 562–579. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  27. 27.
    Furuya, S., Rijmen, V.: Observations on Hierocrypt-3/L1 key-scheduling algorithms. In: 2nd NESSIE Workshop (2001)Google Scholar
  28. 28.
    Toshiba Corporation: Block cipher family Hierocrypt. http://www.toshiba.co.jp/rdc/security/hierocrypt/index.htm

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Ahmed Abdelkhalek
    • 1
  • Riham AlTawy
    • 1
  • Mohamed Tolba
    • 1
  • Amr M. Youssef
    • 1
  1. 1.Concordia Institute for Information Systems EngineeringConcordia UniversityMontréalCanada

Personalised recommendations