Ya Liu, Bing Shi, Dawu Gu, Fengyu Zhao, Wei Li, Zhiqiang Liu, Improved Meet-in-the-Middle Attacks on Reduced-Round Deoxys-BC-256, The Computer Journal, Volume 63, Issue 12, December 2020, Pages 1859–1870, https://doi.org/10.1093/comjnl/bxaa028
Abstract
At ASIACRYPT 2014, Jean et al. proposed the authenticated encryption scheme Deoxys, which is one of the third-round candidates in the CAESAR competition. Its internal block cipher, Deoxys-BC, adopts the tweakey framework. Deoxys-BC comes in two versions with tweakey sizes of 256 bits and 384 bits, denoted by Deoxys-BC-256 and Deoxys-BC-384, respectively. In this paper, we re-evaluate the security of Deoxys-BC-256 against the meet-in-the-middle attack and obtain some new results. First, we append one round at the top and two rounds at the bottom of a 6-round distinguisher to form a 9-round truncated differential path with probability $2^{-144}$. Based on it, the adversary can attack 9-round Deoxys-BC-256 with $2^{108}$ chosen plaintext-tweaks, $2^{113.6}$ encryptions and $2^{102}$ blocks. Second, we construct a new 6.5-round distinguisher to form a 10-round attack path with probability $2^{-152}$. On the basis of it, the adversary can attack 10-round Deoxys-BC-256 with $2^{115}$ chosen plaintext-tweaks, $2^{171}$ encryptions and $2^{152}$ blocks. These two attacks improve on the previous meet-in-the-middle cryptanalytic results for reduced-round Deoxys-BC-256.