Welcome to the resource topic for 2025/082
Title: Meet-in-the-Middle Attack on Primitives with Binary Matrix Linear Layer
Authors: Qingliang Hou, Kuntong Li, Guoyan Zhang, Yanzhao Shen, Qidi You, Xiaoyang Dong
Abstract: Meet-in-the-middle (MitM) is a powerful approach for the cryptanalysis of symmetric primitives. In recent years, MitM has led to many improved records about key recovery, preimage and collision attacks with the help of automated tools. However, most of the previous work targets AES-like hashing where the linear layer is an MDS matrix. And we observe that their automatic model for MDS matrix is not suitable for primitives using a binary matrix as their linear layer.
In this paper, we propose the n-XOR model to describe the XOR operation with an arbitrary number of inputs. And it can be applied to primitives with a binary matrix of arbitrary size. Then, we propose a check model to eliminate the possible inaccuracies caused by n-XOR. But the check model is limited by the input size (not greater than 4). Combined with the two new models, we find a MitM key recovery attack on 11-round Midori64. When the whitening keys are excluded, a MitM key recovery attack can be mounted on the 12-round Midori64. Compared with the previous best work, both of the above results have distinct advantages in terms of reducing memory and data complexity.
At last, we apply the n-XOR model to the hashing modes of primitives with large size binary matrix. The preimage attacks on weakened camellia-MMO (without FL/FL^{-1} and whitening layers) and Aria-DM are both improved by 1 round.
ePrint: https://eprint.iacr.org/2025/082
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics.