In this paper we describe a variant of existing meet-in-the-middle attacks on block ciphers. As an application, we propose meet-in-the-middle attacks that are applicable to the KTANTAN family of block ciphers accepting a key of 80 bits. The attacks are due to some weaknesses in its bitwise key schedule. We report an attack of time complexity 2^75.170 encryptions on the full KTANTAN32 cipher with only 3 plaintext/ciphertext pairs, as well as 2^75.044 encryptions on the full KTANTAN48 and 2^75.584 encryptions on the full KTANTAN64 with 2 plaintext/ciphertext pairs. All these attacks work in the classical attack model without any related keys. In the differential related-key model, we demonstrate 218- and 174-round differentials holding with probability 1. This shows that a strong related-key property can translate to a successful attack in the non-related-key setting. Having extremely low data requirements, these attacks are valid even in RFID-like environments where only a very limited amount of text material may be available to an attacker.