Nonlinear Invariant Attack: Practical Attack on Full SCREAM, iSCREAM, and Midori64

Nonlinear Invariant Attack: Practical Attack on Full SCREAM, iSCREAM, and Midori64

In this paper, we introduce a new type of attack, called nonlinear invariant attack . As application examples, we present new attacks that are able to distinguish the full versions of the (tweakable) block ciphers Scream, iScream and Midori64 in a weak-key setting. Those attacks require only a handf...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Journal of cryptology 2019-10, Vol.32 (4), p.1383-1422
Hauptverfasser: Todo, Yosuke, Leander, Gregor, Sasaki, Yu
Format: Artikel
Sprache:eng
Schlagworte:
Algorithms
Coding and Information Theory
Combinatorics
Communications Engineering
Computational Mathematics and Numerical Analysis
Computer Science
Encryption
Invariants
Networks
Probability Theory and Stochastic Processes
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In this paper, we introduce a new type of attack, called nonlinear invariant attack . As application examples, we present new attacks that are able to distinguish the full versions of the (tweakable) block ciphers Scream, iScream and Midori64 in a weak-key setting. Those attacks require only a handful of plaintext–ciphertext pairs and have minimal computational costs. Moreover, the nonlinear invariant attack on the underlying (tweakable) block cipher can be extended to a ciphertext-only attack in well-known modes of operation such as CBC or CTR. The plaintext of the authenticated encryption schemes SCREAM and iSCREAM can be practically recovered only from the ciphertexts in the nonce-respecting setting. This is the first result breaking a security claim of SCREAM. Moreover, the plaintext in Midori64 with well-known modes of operation can practically be recovered. All of our attacks are experimentally verified.
ISSN:0933-2790
1432-1378
DOI:10.1007/s00145-018-9285-0