[Resource Topic] 2015/1227: Single Key Recovery Attacks on 9-round Kalyna-128/256 and Kalyna-256/512

Welcome to the resource topic for 2015/1227

Title:
Single Key Recovery Attacks on 9-round Kalyna-128/256 and Kalyna-256/512

Authors: Akshima, Donghoon Chang, Mohona Ghosh, Aarushi Goel, Somitra Kumar Sanadhya

Abstract:

The Kalyna block cipher has recently been established as the Ukranian encryption standard in June, 2015. It was selected in a Ukrainian National Public Cryptographic Competition running from 2007 to 2010. Kalyna supports block sizes and key lengths of 128, 256 and 512 bits. Denoting the variants of Kalyna as Kalyna-b/k, where b denotes the block size and k denotes the keylength, the design specifies k \in \{b, 2b\}. In this work, we re-evaluate the security bound of some reduced round Kalyna variants, specifically Kalyna-128/256 and Kalyna-256/512 against key recovery attacks in the single key model. We first construct new 6-round distinguishers and then use these distinguishers to demonstrate 9-round attacks on these Kalyna variants. These attacks improve the previous best 7-round attacks on the same.\ Our 9-round attack on Kalyna-128/256 has data, time and memory complexity of 2^{105}, 2^{245.83} and 2^{226.86} respectively. For our 9-round attack on Kalyna-256/512, the data/time/memory complexities are 2^{217}, 2^{477.83} and 2^{443.45} respectively. The time and data complexities for Kalyna-256/512 reported in this work improve upon the previous best 7-round attack complexities on the same. The attacks presented in this work are currently the best on Kalyna. We apply multiset attack - a variant of meet-in-the-middle attack to achieve these results.

ePrint: https://eprint.iacr.org/2015/1227

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .