Search
Close
Search
Advanced Search
Search Menu

Abstract

In ASIACRYPT 2014, Jean et al. proposed the authentication encryption scheme Deoxys, which is one of the third-round candidates in CAESAR competition. Its internal block cipher is called Deoxys-BC that adopts the tweakey frame. Deoxys-BC has two versions of the tweakey size that are 256 bits and 384 bits, denoted by Deoxys-BC-256 and Deoxys-BC-384, respectively. In this paper, we revaluate the security of Deoxys-BC-256 against the meet-in-the-middle attack to obtain some new results. First, we append one round at the top and two rounds at the bottom of a 6-round distinguisher to form a 9-round truncated differential path with the probability of |$2^{-144}$|⁠. Based on it, the adversary can attack 9-round Deoxys-BC-256 with |$2^{108}$| chosen plaintext-tweaks, |$2^{113.6}$| encryptions and |$2^{102}$| blocks. Second, we construct a new 6.5-round distinguisher to form 10-round attacking path with the probability of |$2^{-152}$|⁠. On the basis of it, the adversary could attack 10-round Deoxys-BC-256 with |$2^{115}$| chosen plaintext-tweaks, |$2^{171}$| encryptions and |$2^{152}$| blocks. These two attacks improve the previous cryptanalytic results on reduced-round Deoxys-BC-256 against the meet-in-the-middle attack.

© The British Computer Society 2020. All rights reserved. For permissions, please e-mail: journals.permissions@oup.com
This article is published and distributed under the terms of the Oxford University Press, Standard Journals Publication Model (https://academic.oup.com/journals/pages/open_access/funder_policies/chorus/standard_publication_model)
Issue Section:
Articles
You do not currently have access to this article.
Download all slides