[Resource Topic] 2023/1691: Some Results on Related Key-IV Pairs of Espresso

Welcome to the resource topic for 2023/1691

Title:
Some Results on Related Key-IV Pairs of Espresso

Authors: George Teseleanu

Abstract:

In this paper, we analyze the Espresso cipher from a related key chosen IV perspective. More precisely, we explain how one can obtain Key-IV pairs such that Espresso’s keystreams either have certain identical bits or are shifted versions of each other. For the first case, we show how to obtain such pairs after 2^{32} iterations, while for the second case, we present an algorithm that produces such pairs in 2^{28} iterations. Moreover, we show that by making a minor change in the padding used during the initialization phase, it can lead to a more secure version of the cipher. Specifically, changing the padding increases the complexity of our second attack from 2^{28} to 2^{34}. Finally, we show how related IVs can accelerate brute force attacks, resulting in a faster key recovery. Although our work does not have any immediate implications for breaking the Espresso cipher, these observations are relevant in the related-key chosen IV scenario.

ePrint: https://eprint.iacr.org/2023/1691

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .