Conditional Cube Attack on Lightweight Sycon-AEAD-64

Huang et al. introduced the conditional cube attack at EUROCRYPT 2017, where it was presented as a conditional cube variable with specific key bit conditions that significantly reduced diffusion. This attack necessitates a set of cube variables that are not multiplied in the first round, while the conditional cube variable is not multiplied with ordinary cube variables during the initial two rounds. Sycon v1.0 is part of the first lightweight cryptography standardization processes initiated by the National Institute of Standards and Technology (NIST). Sycon was proposed as a high-performing simple permutation due to its resistance to cryptanalytic attacks. Sycon-AEAD consists of two authenticated encryption with associated data (AEAD) schemes: 1) Sycon-AEAD-64 and 2) Sycon-AEAD-96. This study presents a novel partial state recovery conditional cube attack on Sycon-AEAD-64, which can recover 141 out of 256 bits of partial secret state with a data complexity of 2^{52.21} .