Cryptanalysis of ARMADILLO2

  • Mohamed Ahmed Abdelraheem
  • Céline Blondeau
  • María Naya-Plasencia
  • Marion Videau
  • Erik Zenner
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7073)


ARMADILLO2 is the recommended variant of a multipurpose cryptographic primitive dedicated to hardware which has been proposed by Badel et al. in [1]. In this paper, we describe a meet-in-the-middle technique relying on the parallel matching algorithm that allows us to invert the ARMADILLO2 function. This makes it possible to perform a key recovery attack when used as a FIL-MAC. A variant of this attack can also be applied to the stream cipher derived from the PRNG mode. Finally we propose a (second) preimage attack when used as a hash function. We have validated our attacks by implementing cryptanalysis on scaled variants. The experimental results match the theoretical complexities.

In addition to these attacks, we present a generalization of the parallel matching algorithm, which can be applied in a broader context than attacking ARMADILLO2.


ARMADILLO2 meet-in-the-middle key recovery attack preimage attack parallel matching algorithm 


  1. 1.
    Badel, S., Dağtekin, N., Nakahara Jr., J., Ouafi, K., Reffé, N., Sepehrdad, P., Sušil, P., Vaudenay, S.: ARMADILLO: A Multi-purpose Cryptographic Primitive Dedicated to Hardware. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 398–412. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  2. 2.
    Khovratovich, D., Naya-Plasencia, M., Röck, A., Schläffer, M.: Cryptanalysis of Luffa v2 Components. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 388–409. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  3. 3.
    Moldovyan, A.A., Moldovyan, N.A.: A Cipher Based on Data-Dependent Permutations. Journal of Cryptology 15(1), 61–72 (2002)CrossRefMathSciNetGoogle Scholar
  4. 4.
    Naya-Plasencia, M.: How to Improve Rebound Attacks. Tech. Rep. Report 2010/607, Cryptology ePrint Archive (2010), (extended version)
  5. 5.
    Naya-Plasencia, M.: How to Improve Rebound Attacks. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 188–205. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  6. 6.
    Sepehrdad, P., Sušil, P., Vaudenay, S.: Fast Key Recovery Attack on ARMADILLO1 and Variants. In: Tenth Smart Card Research and Advanced Application Conference, CARDIS 2011. LNCS (to appear, 2011)Google Scholar

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Mohamed Ahmed Abdelraheem
    • 1
  • Céline Blondeau
    • 2
  • María Naya-Plasencia
    • 3
    • 4
  • Marion Videau
    • 5
    • 6
  • Erik Zenner
    • 7
  1. 1.Department of MathematicsTechnical University of DenmarkDenmark
  2. 2.INRIA, project-team SECRETFrance
  3. 3.FHNWWindischSwitzerland
  4. 4.University of VersaillesFrance
  5. 5.Agence nationale de la sécurité des systèmes d’informationFrance
  6. 6.Université Henri Poincaré-Nancy 1 / LORIAFrance
  7. 7.University of Applied SciencesOffenburgGermany

Personalised recommendations