ARMADILLO: a multi-purpose cryptographic primitive dedicated to hardware
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Cryptanalysis of Luffa v2 components
SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
How to improve rebound attacks
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Fast key recovery attack on ARMADILLO1 and variants
CARDIS'11 Proceedings of the 10th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Fast key recovery attack on ARMADILLO1 and variants
CARDIS'11 Proceedings of the 10th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Cryptanalysis of the light-weight cipher a2u2
IMACC'11 Proceedings of the 13th IMA international conference on Cryptography and Coding
Practical cryptanalysis of ARMADILL02
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Multipurpose cryptographic primitive ARMADILLO3
CARDIS'12 Proceedings of the 11th international conference on Smart Card Research and Advanced Applications
Hi-index | 0.00 |
ARMADILLO2 is the recommended variant of a multipurpose cryptographic primitive dedicated to hardware which has been proposed by Badel et al. in [1]. In this paper, we describe a meet-in-the-middle technique relying on the parallel matching algorithm that allows us to invert the ARMADILLO2 function. This makes it possible to perform a key recovery attack when used as a FIL-MAC. A variant of this attack can also be applied to the stream cipher derived from the PRNG mode. Finally we propose a (second) preimage attack when used as a hash function. We have validated our attacks by implementing cryptanalysis on scaled variants. The experimental results match the theoretical complexities. In addition to these attacks, we present a generalization of the parallel matching algorithm, which can be applied in a broader context than attacking ARMADILLO2.