[Resource Topic] 2025/1581: Cryptanalysis of ChiLow with Cube-Like Attacks

Welcome to the resource topic for 2025/1581

Title:
Cryptanalysis of ChiLow with Cube-Like Attacks

Authors: Shuo Peng, Jiahui He, Kai Hu, Zhongfeng Niu, Shahram Rasoolzadeh, Meiqin Wang

Abstract:

Proposed in EUROCRYPT 2025, ChiLow is a family of tweakable block ciphers and a related PRF built on the novel nonlinear ChiChi function, designed to enable efficient and secure embedded code encryption.
The only key-recovery results of ChiLow are from the designers, which can reach at most 4 out of 8 rounds, which is not enough for a low-latency cipher like ChiLow: more cryptanalysis efforts are expected.
Considering the low-degree ChiChi function, we present three kinds of cube-like attacks on ChiLow-32 under both single-tweak and multi-tweak settings, including

- a *conditional cube attack* in the multi-tweak setting, which enables full key recovery for 5-round and 6-round instances with time complexities $2^{32}$ and $2^{120}$, data complexities $2^{23.58}$ and $2^{40}$, and negligible memory requirements, respectively.
- a *borderline cube attack* in the multi-tweak setting, which recovers the full key of 5-round ChiLow-32 with time, data, and memory complexities of $2^{32}$, $2^{18.58}$, and $2^{33.56}$, respectively. For 6-round ChiLow-32, it achieves full key recovery with time, data, and memory complexities of $2^{34}$, $2^{33.58}$, and $2^{54.28}$, respectively. Both attacks are practical.
- an *integral attack* on 7-round ChiLow-32 in the single-tweak setting. By combining a 4-round borderline cube with three additional rounds, we reduce the round-key search space from $2^{96}$ to $2^{73}$. Moreover, we present a method to recover the master key based on round-key information, allowing us to recover the master key for 7-round ChiLow-32 with a time complexity of $2^{127.78}$.

All of our attacks respect security claims made by the designers.
Though our analysis does not compromise the security of the full 8-round ChiLow, we hope that our results offer valuable insights into its security properties.

ePrint: https://eprint.iacr.org/2025/1581

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.