Single Key Recovery Attacks on 9-Round Kalyna-128/256 and Kalyna-256/512

  • Akshima
  • Donghoon Chang
  • Mohona Ghosh
  • Aarushi GoelEmail author
  • Somitra Kumar Sanadhya
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9558)


The Kalyna block cipher has recently been established as the Ukranian encryption standard in June, 2015. It was selected in a Ukrainian National Public Cryptographic Competition running from 2007 to 2010. Kalyna supports block sizes and key lengths of 128, 256 and 512 bits. Denoting variants of Kalyna as Kalyna-b / k, where b denotes the block size and k denotes the keylength, the design specifies \(k \in \{b, 2b\}\). In this work, we re-evaluate the security bound of some reduced round Kalyna variants, specifically Kalyna-128 / 256 and Kalyna-256 / 512 against key recovery attacks in the single key model. We first construct new 6-round distinguishers and then use these distinguishers to demonstrate 9-round attacks on these Kalyna variants. These attacks improve the previous best 7-round attacks on the same.

Our 9-round attack on Kalyna-128/256 has data, time and memory complexity of \(2^{105}\), \(2^{245.83}\) and \(2^{226.86}\) respectively. For our 9-round attack on Kalyna-256/512, the data/time/memory complexities are \(2^{217}\), \(2^{477.83}\) and \(2^{451.45}\) respectively. The attacks presented in this work are the current best on Kalyna. We apply multiset attack - a variant of meet-in-the-middle attack to achieve these results.


Block cipher Kalyna Key recovery Differential enumeration Single key model 


  1. 1.
    AlTawy, R., Abdelkhalek, A., Youssef, A.M.: A meet-in-the-middle attack on reduced-round kalyna-b/2b. IACR Cryptol. ePrint Arch. 2015, 762 (2015). Google Scholar
  2. 2.
    Joan, D., Vincent, R.: The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography. Springer, New York (2002)zbMATHGoogle Scholar
  3. 3.
    Daemen, J., Rijmen, V.: Understanding two-round differentials in AES. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 78–94. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  4. 4.
    Demirci, H., Selçuk, A.A.: A meet-in-the-middle attack on 8-round AES. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 116–126. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  5. 5.
    Derbez, P., Fouque, P.-A., Jean, J.: Improved key recovery attacks on reduced-round AES in the single-key setting. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 371–387. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  6. 6.
    Dunkelman, O., Keller, N., Shamir, A.: Improved single-key attacks on 8-round AES-192 and AES-256. J. Cryptol. 28(3), 397–422 (2015)MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Lamberger, M., Mendel, F., Rechberger, C., Rijmen, V., Schläffer, M.: Rebound distinguishers: results on the full whirlpool compression function. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 126–143. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  8. 8.
    Li, L., Jia, K., Wang, X.: Improved single-key attacks on 9-round AES-192/256. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 127–146. Springer, Heidelberg (2015)Google Scholar
  9. 9.
    Oliynykov, R.: Next generation of block ciphers providing high-level security, June 2015.
  10. 10.
    Oliynykov, R., Gorbenko, I., Kazymyrov, O., Ruzhentsev, V., Kuznetsov, O., Gorbenko, Y., Dyrda, O., Dolgov, V., Pushkaryov, A., Mordvinov, R., Kaidalov, D.: A new encryption standard of Ukraine: The Kalyna block cipher. IACR Cryptol. ePrint Arch. 2015, 650 (2015). Google Scholar
  11. 11.
    Rongjia, L., Chenhui, J.: Meet-in-the-middle attacks on 10-round AES-256. Designs, Codes and Cryptography, pp. 1–13 (2015)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Akshima
    • 1
  • Donghoon Chang
    • 1
  • Mohona Ghosh
    • 1
  • Aarushi Goel
    • 1
    Email author
  • Somitra Kumar Sanadhya
    • 1
  1. 1.Indraprastha Institute of Information TechnologyDelhi (IIIT-D)India

Personalised recommendations