[Resource Topic] 2015/1189: Invariant Subspace Attack Against Full Midori64

Welcome to the resource topic for 2015/1189

Title:
Invariant Subspace Attack Against Full Midori64

Authors: Jian Guo, Jérémy Jean, Ivica Nikolić, Kexin Qiao, Yu Sasaki, Siang Meng Sim

Abstract:

In this paper, we present an invariant subspace attack against block cipher Midori64 which has recently been proposed by Banik et al. at Asiacrypt 2015 to achieve low energy consumption. We show that when each nibble of the key has the value 0 or 1 and each nibble of the plaintext has the value 8 or 9, each nibble of the ciphertext also has the value 8 or 9 with probability one regardless of the number of rounds applied. This fact indicates that Midori64 has a class of 2^{32} weak keys that can be distinguished with a single query. It also indicates that the number of keys generated uniformly at random for Midori64 must not exceed 2^{96}, i.e., the pseudorandom-permutation security of Midori64 is only up to 96 bits instead of 128 bits. Interestingly, given the information that the key is from the 2^{32} weak key subspace, key recovery can be performed within time complexity 2^{16} and data complexity 2^1. We have confirmed the correctness of the analysis by implementing the attack. At the current stage, our attacks do not apply to Midori128.

ePrint: https://eprint.iacr.org/2015/1189

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .