[Resource Topic] 2016/1161: Impossible Differential Attack on Simpira v2

Welcome to the resource topic for 2016/1161

Title: Impossible Differential Attack on Simpira v2

Authors: Rui Zong, Xiaoyang Dong, Xiaoyun Wang

Abstract:

Simpira v2 is a family of cryptographic permutations proposed at ASIACRYPT 2016 which can be used to construct high-throughput block ciphers using the Even-Mansour construction, permutation-based hashing and wide-block authenticated encryption. In this paper, we give a 9-round impossible differential of Simpira-4, which turns out to be the first 9-round impossible differential. In order to get some efficient key recovery attacks on its block cipher mode (EM construction with Simpira-4), we use some 6/7-round shrunken impossible differentials. Based on eight different 6-round impossible differentials, we propose a series of 7-round key recovery attacks on the block cipher mode; each 6-round impossible differential helps to recover 32 bits of the master key (512-bit), and in total half of the master key bits are recovered. The attacks need 2^{57} chosen plaintexts and 2^{57} 7-round encryptions. Furthermore, based on ten 7-round impossible differentials, we add one round on the top or at the bottom to mount ten 8-round key recovery attacks on the block cipher mode, which recover the full key space (512-bit) with the data complexity of 2^{170} chosen plaintexts and time complexity of 2^{170} 8-round encryptions. Those are the first attacks on round-reduced Simpira v2 and do not threaten the EM mode with the full 15-round Simpira-4.

ePrint: https://eprint.iacr.org/2016/1161

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.