A known-plaintext attack on two-key triple encryption
EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
PRESENT: An Ultra-Lightweight Block Cipher
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Finding Preimages in Full MD5 Faster Than Exhaustive Search
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Preimage Attacks on One-Block MD4, 63-Step MD5 and More
Selected Areas in Cryptography
KATAN and KTANTAN -- A Family of Small and Efficient Hardware-Oriented Block Ciphers
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
A practical-time related-key attack on the KASUMI cryptosystem used in GSM and 3G telephony
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
A 3-subset meet-in-the-middle attack: cryptanalysis of the lightweight block cipher KTANTAN
SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Meet-in-the-middle attacks on reduced-round XTEA
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
Meet-in-the-middle preimage attacks on AES hashing modes and an application to whirlpool
FSE'11 Proceedings of the 18th international conference on Fast software encryption
Improved meet-in-the-middle cryptanalysis of KTANTAN
ACISP'11 Proceedings of the 16th Australasian conference on Information security and privacy
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Piccolo: an ultra-lightweight blockcipher
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
A related-key rectangle attack on the full KASUMI
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Biclique cryptanalysis of the full AES
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Biclique cryptanalysis of reduced-round piccolo block cipher
ISPEC'12 Proceedings of the 8th international conference on Information Security Practice and Experience
Narrow-Bicliques: cryptanalysis of full IDEA
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Biclique attack on the full HIGHT
ICISC'11 Proceedings of the 14th international conference on Information Security and Cryptology
Zero correlation linear cryptanalysis with reduced data complexity
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Bicliques for preimages: attacks on skein-512 and the SHA-2 family
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Differential analysis of the LED block cipher
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Hi-index | 0.00 |
In this paper, we investigate the security of the lightweight block ciphers against the meet-in-the-middle (MITM) attack. Since the MITM attack mainly exploits low key-dependency in a key expanding function, the block ciphers having a simple key expanding function are likely to be vulnerable to the MITM attack. On the other hand, such a simple key expanding function leads compact implementation, and thus is utilized in several lightweight block ciphers. However, the security of such lightweight block ciphers against the MITM attack has not been studied well so far. We apply the MITM attack to the ciphers, then give more accurate security analysis for them. Specifically, combining thorough analysis with new techniques, we present the MITM attacks on 29, 8, 16, 14 and 21 rounds of XTEA, LED-64, LED-128, Piccolo-80 and Piccolo-128, respectively. Consequently, it is demonstrated that the MITM attack is the most powerful attack in the single-key setting on those ciphers with respect to the number of attacked rounds. Moreover, we consider the possibility of applying the recent speed-up keysearch based on MITM attack to those ciphers.