Skip to main content
SpringerLink
Log in

Meet-in-the-Middle Attacks on Reduced-Round Hierocrypt-3

  • Conference paper
  • First Online:
Progress in Cryptology -- LATINCRYPT 2015 (LATINCRYPT 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9230))

Abstract

Hierocrypt-3 is an SPN-based block cipher designed by Toshiba Corporation. It operates on 128-bit state using either 128, 192 or 256-bit key. In this paper, we present two meet-in-the-middle attacks in the single-key setting on the 4-round reduced Hierocrypt-3 with 256-bit key. The first attack is based on the differential enumeration approach where we propose a truncated differential characteristic in the first 2.5 rounds and match a multiset of state differences at its output. The other attack is based on the original meet-in-the-middle attack strategy proposed by Demirci and Selçuk at FSE 2008 to attack reduced versions of both AES-192 and AES-256. For our attack based on the differential enumeration, the master key is recovered with data complexity of \(2^{113}\) chosen plaintexts, time complexity of \(2^{238}\) 4-round reduced Hierocrypt-3 encryptions and memory complexity of \(2^{218}\) 128-bit blocks. The data, time and memory complexities of our second attack are \(2^{32}\), \(2^{245}\) and \(2^{242}\), respectively. To the best of our knowledge, these are the first attacks on 4-round reduced Hierocrypt-3.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. AlTawy, R., Youssef, A.M.: Preimage attacks on reduced-round Stribog. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT. LNCS, vol. 8469, pp. 109–125. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  2. AlTawy, R., Youssef, A.M.: Second preimage analysis of Whirlwind. In: Lin, D., Yung, M., Zhou, J. (eds.) Inscrypt 2014. LNCS, vol. 8957, pp. 311–328. Springer, Heidelberg (2015)

    Google Scholar 

  3. AlTawy, R., Youssef, A.M.: Meet in the middle attacks on reduced round Kuznyechik. Cryptology ePrint Archive, Report 2015/096 (2015). http://eprint.iacr.org/

  4. AlTawy, R., Youssef, A.M.: Differential sieving for 2-step matching meet-in-the-middle attack with application to Lblock. In: Eisenbarth, T., Öztürk, E. (eds.) LightSec 2014. LNCS, vol. 8898, pp. 126–139. Springer, Heidelberg (2015)

    Google Scholar 

  5. Barreto, P.S.L.M., Rijmen, V., Nakahara Jr, J., Preneel, B., Vandewalle, J., Kim, H.Y.: Improved SQUARE attacks against reduced-round HIEROCRYPT. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 165–173. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  6. Bogdanov, A., Khovratovich, D., Rechberger, C.: Biclique cryptanalysis of the full AES. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 344–371. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  7. Bogdanov, A., Rechberger, C.: A 3-subset meet-in-the-middle attack: cryptanalysis of the lightweight block cipher KTANTAN. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 229–240. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  8. Canteaut, A., Naya-Plasencia, M., Vayssière, B.: Sieve-in-the-middle: improved MITM attacks. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 222–240. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  9. CRYPTEC: e-Government candidate recommended ciphers list (2013). http://www.cryptrec.go.jp/english/method.html

  10. CRYPTEC: e-Government recommended ciphers list (2003). http://www.cryptrec.go.jp/english/images/cryptrec_01en.pdf

  11. CRYPTEC: Specification on a block cipher: Hierocrypt-3. http://www.cryptrec.go.jp/cryptrec_03_spec_cypherlist_files/PDF/08_02espec.pdf

  12. Daemen, J., Knudsen, L.R., Rijmen, V.: The block cipher SQUARE. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997)

    Chapter  Google Scholar 

  13. Demirci, H., Selçuk, A.A.: A meet-in-the-middle attack on 8-round AES. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 116–126. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  14. Demirci, H., Taşkın, I., Oban, M., Baysal, A.: Improved meet-in-the-middle attacks on AES. In: Roy, B., Sendrier, N. (eds.) INDOCRYPT 2009. LNCS, vol. 5922, pp. 144–156. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  15. Derbez, P., Fouque, P.-A., Jean, J.: Improved key recovery attacks on reduced-round AES in the single-key setting. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 371–387. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  16. Diffie, W., Hellman, M.E.: Special feature exhaustive cryptanalysis of the NBS Data Encryption Standard. Computer 10(6), 74–84 (1977)

    Article  Google Scholar 

  17. Dunkelman, O., Keller, N., Shamir, A.: Improved single-key attacks on 8-round AES-192 and AES-256. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 158–176. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  18. Hao, Y., Bai, D., Li, L.: A meet-in-the-middle attack on round-reduced mCrypton using the differential enumeration technique. In: Au, M.H., Carminati, B., Kuo, C.-C.J. (eds.) NSS 2014. LNCS, vol. 8792, pp. 166–183. Springer, Heidelberg (2014)

    Google Scholar 

  19. Hong, D., Koo, B., Sasaki, Y.: Improved preimage attack for 68-step HAS-160. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 332–348. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  20. Cheon, J.H., Kim, M., Kim, K.: Impossible differential cryptanalysis of Hierocrypt-3 reduced to 3 rounds. NESSIE report (2002)

    Google Scholar 

  21. Li, L., Jia, K., Wang, X.: Improved meet-in-the-middle attacks on AES-192 and PRINCE. Cryptology ePrint Archive, Report 2013/573 (2013). http://eprint.iacr.org/

  22. Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: The rebound attack: cryptanalysis of reduced Whirlpool and Grøstl. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 260–276. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  23. New European Schemes for Signatures, Integrity, and Encryption. https://www.cosic.esat.kuleuven.be/nessie

  24. Ohkuma, K., Muratani, H., Sano, F., Kawamura, S.: The block cipher Hierocrypt. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, p. 72. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  25. Rechberger, C.: Security evaluation of 128-bit block ciphers AES, CIPHERUNICORN-A, and Hierocrypt-3 against biclique attacks. CRYPTREC (2012)

    Google Scholar 

  26. Sasaki, Y., Wang, L., Wu, S., Wu, W.: Investigating fundamental security requirements on Whirlpool: improved preimage and collision attacks. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 562–579. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  27. Furuya, S., Rijmen, V.: Observations on Hierocrypt-3/L1 key-scheduling algorithms. In: 2nd NESSIE Workshop (2001)

    Google Scholar 

  28. Toshiba Corporation: Block cipher family Hierocrypt. http://www.toshiba.co.jp/rdc/security/hierocrypt/index.htm

Download references

Author information

Authors and Affiliations

  1. Concordia Institute for Information Systems Engineering, Concordia University, Montréal, QC, Canada

    Ahmed Abdelkhalek, Riham AlTawy, Mohamed Tolba & Amr M. Youssef

Authors
  1. Ahmed Abdelkhalek
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Riham AlTawy
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mohamed Tolba
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Amr M. Youssef
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Amr M. Youssef .

Editor information

Editors and Affiliations

  1. Microsoft Research, Redmond, Washington, USA

    Kristin Lauter

  2. CINVESTAV-IPN, Mexico City, Distrito Federal, Mexico

    Francisco Rodríguez-Henríquez

A \(MDS_{H}\) and \(MDS_{H}^{-1}\)

A \(MDS_{H}\) and \(MDS_{H}^{-1}\)

\(MDS_{H}\) is represented by:

$$\begin{aligned} \left( \begin{array}{c}y_{0(8)}\\ y_{1(8)}\\ y_{2(8)}\\ y_{3(8)}\\ y_{4(8)}\\ y_{5(8)}\\ y_{6(8)}\\ y_{7(8)}\\ y_{8(8)}\\ y_{9(8)}\\ y_{10(8)}\\ y_{11(8)}\\ y_{12(8)}\\ y_{13(8)}\\ y_{14(8)}\\ y_{15(8)}\\ \end{array} \right) = \left( \begin{array}{c c c c c c c c c c c c c c c c} 1 &{} 0 &{} 1 &{} 0 &{} 1 &{} 0 &{} 1 &{} 0 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1\\ 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 0 &{} 0 &{} 1 &{} 1 &{} 1\\ 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 0 &{} 0 &{} 1 &{} 1\\ 0 &{} 1 &{} 0 &{} 1 &{} 0 &{} 1 &{} 0 &{} 1 &{} 1 &{} 0 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 0\\ 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 0 &{} 1 &{} 0 &{} 1 &{} 0 &{} 1 &{} 1 &{} 0 &{} 1\\ 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 0\\ 0 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1\\ 1 &{} 1 &{} 1 &{} 0 &{} 0 &{} 1 &{} 0 &{} 1 &{} 0 &{} 1 &{} 0 &{} 1 &{} 1 &{} 0 &{} 1 &{} 0\\ 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 0 &{} 1 &{} 0 &{} 1 &{} 0\\ 1 &{} 1 &{} 1 &{} 0 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1\\ 1 &{} 1 &{} 1 &{} 1 &{} 0 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 0\\ 1 &{} 0 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 0 &{} 0 &{} 1 &{} 0 &{} 1 &{} 0 &{} 1 &{} 0 &{} 1\\ 1 &{} 0 &{} 1 &{} 0 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 0\\ 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 0 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1\\ 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 0 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 0\\ 0 &{} 1 &{} 0 &{} 1 &{} 1 &{} 0 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 0 &{} 0 &{} 1 &{} 0 &{} 1\\ \end{array} \right) \left( \begin{array}{c}x_{0(8)}\\ x_{1(8)}\\ x_{2(8)}\\ x_{3(8)}\\ x_{4(8)}\\ x_{5(8)}\\ x_{6(8)}\\ x_{7(8)}\\ x_{8(8)}\\ x_{9(8)}\\ x_{10(8)}\\ x_{11(8)}\\ x_{12(8)}\\ x_{13(8)}\\ x_{14(8)}\\ x_{15(8)}\\ \end{array} \right) \end{aligned}$$

The inverse matrix, \(MDS_{H}^{-1}\), is given by:

$$\begin{aligned} \left( \begin{array}{c}x_{0(8)}\\ x_{1(8)}\\ x_{2(8)}\\ x_{3(8)}\\ x_{4(8)}\\ x_{5(8)}\\ x_{6(8)}\\ x_{7(8)}\\ x_{8(8)}\\ x_{9(8)}\\ x_{10(8)}\\ x_{11(8)}\\ x_{12(8)}\\ x_{13(8)}\\ x_{14(8)}\\ x_{15(8)}\\ \end{array} \right) = \left( \begin{array}{c c c c c c c c c c c c c c c c} 0 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 0\\ 1 &{} 0 &{} 1 &{} 0 &{} 0 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1\\ 1 &{} 1 &{} 0 &{} 1 &{} 0 &{} 0 &{} 1 &{} 1 &{} 0 &{} 0 &{} 1 &{} 1 &{} 0 &{} 1 &{} 0 &{} 1\\ 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 0 &{} 0\\ 0 &{} 1 &{} 1 &{} 0 &{} 0 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1\\ 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 0 &{} 0 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1\\ 0 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 0 &{} 0 &{} 1 &{} 1 &{} 0 &{} 0 &{} 1 &{} 1\\ 1 &{} 1 &{} 0 &{} 0 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 0\\ 1 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 0 &{} 0 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1\\ 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 0 &{} 0 &{} 1 &{} 1 &{} 1\\ 0 &{} 0 &{} 1 &{} 1 &{} 0 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 0 &{} 0 &{} 1 &{} 1\\ 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 0 &{} 0 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 0\\ 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 0 &{} 0 &{} 1 &{} 0 &{} 1\\ 0 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 0\\ 0 &{} 0 &{} 1 &{} 1 &{} 0 &{} 0 &{} 1 &{} 1 &{} 0 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1\\ 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 1 &{} 0 &{} 1 &{} 1 &{} 0 &{} 0 &{} 1 &{} 0 &{} 1 &{} 1\\ \end{array} \right) \left( \begin{array}{c}y_{0(8)}\\ y_{1(8)}\\ y_{2(8)}\\ y_{3(8)}\\ y_{4(8)}\\ y_{5(8)}\\ y_{6(8)}\\ y_{7(8)}\\ y_{8(8)}\\ y_{9(8)}\\ y_{10(8)}\\ y_{11(8)}\\ y_{12(8)}\\ y_{13(8)}\\ y_{14(8)}\\ y_{15(8)}\\ \end{array} \right) \end{aligned}$$

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Abdelkhalek, A., AlTawy, R., Tolba, M., Youssef, A.M. (2015). Meet-in-the-Middle Attacks on Reduced-Round Hierocrypt-3. In: Lauter, K., Rodríguez-Henríquez, F. (eds) Progress in Cryptology -- LATINCRYPT 2015. LATINCRYPT 2015. Lecture Notes in Computer Science(), vol 9230. Springer, Cham. https://doi.org/10.1007/978-3-319-22174-8_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-22174-8_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-22173-1

  • Online ISBN: 978-3-319-22174-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation