[Resource Topic] 2016/754: Practical Key Recovery Attack on MANTIS-5

Welcome to the resource topic for 2016/754

Practical Key Recovery Attack on MANTIS-5

Authors: Christoph Dobraunig, Maria Eichlseder, Daniel Kales, Florian Mendel


MANTIS is a lightweight tweakable block cipher recently published at CRYPTO 2016. In addition to the full 14-round version, MANTIS-7, the designers also propose an aggressive 10-round version, MANTIS-5. The security claim for MANTIS-5 is resistance against “practical attacks”, defined as related-tweak attacks with data complexity 2^d less than 2^{30} chosen plaintexts (or 2^{40} known plaintexts), and computational complexity at most 2^{126-d}. We present a key-recovery attack against MANTIS-5 with 2^{28} chosen plaintexts and a computational complexity of about 2^{38} block cipher calls, which violates this claim. Our attack is based on a family of differential characteristics and exploits several properties of the lightweight round function and tweakey schedule. To verify the validity of the attack, we also provide a practical implementation which recovers the full key in about 1 core hour using 2^{30} chosen plaintexts.

ePrint: https://eprint.iacr.org/2016/754

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.