Cryptanalysis of ARMADILLO2

Authors:
Mohamed Ahmed Abdelraheem;Céline Blondeau;María Naya-Plasencia;Erik Zenner
Affiliations:
Department of Mathematics, Technical University of Denmark, Denmark;INRIA, project-team SECRET, France;FHNW, Windisch, Switzerland;University of Applied Sciences, Offenburg, Germany
Venue:
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Year:
2011

Citing 4
Cited 5

ARMADILLO: a multi-purpose cryptographic primitive dedicated to hardware

CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Cryptanalysis of Luffa v2 components

SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
How to improve rebound attacks

CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Fast key recovery attack on ARMADILLO1 and variants

CARDIS'11 Proceedings of the 10th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications

The LED block cipher

CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Fast key recovery attack on ARMADILLO1 and variants

CARDIS'11 Proceedings of the 10th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Cryptanalysis of the light-weight cipher a2u2

IMACC'11 Proceedings of the 13th IMA international conference on Cryptography and Coding
Practical cryptanalysis of ARMADILL02

FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Multipurpose cryptographic primitive ARMADILLO3

CARDIS'12 Proceedings of the 11th international conference on Smart Card Research and Advanced Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

ARMADILLO2 is the recommended variant of a multipurpose cryptographic primitive dedicated to hardware which has been proposed by Badel et al. in [1]. In this paper, we describe a meet-in-the-middle technique relying on the parallel matching algorithm that allows us to invert the ARMADILLO2 function. This makes it possible to perform a key recovery attack when used as a FIL-MAC. A variant of this attack can also be applied to the stream cipher derived from the PRNG mode. Finally we propose a (second) preimage attack when used as a hash function. We have validated our attacks by implementing cryptanalysis on scaled variants. The experimental results match the theoretical complexities. In addition to these attacks, we present a generalization of the parallel matching algorithm, which can be applied in a broader context than attacking ARMADILLO2.