Practical Key Recovery Attack on MANTIS-5

Christoph Erwin Dobraunig; Maria Eichlseder; Daniel Kales; Florian Mendel

doi:10.13154/tosc.v2016.i2.248-260

Practical Key Recovery Attack on MANTIS-5

Christoph Erwin Dobraunig, Maria Eichlseder, Daniel Kales, Florian Mendel

Institut für Angewandte Informationsverarbeitung und Kommunikationstechnologie (7050)

Publikation: Beitrag in einer Fachzeitschrift › Artikel › Begutachtung

Abstract

MANTIS is a lightweight tweakable block cipher published at CRYPTO 2016. In addition to the full 14-round version, MANTIS7, the designers also propose an aggressive 10-round version, MANTIS5. The security claim for MANTIS5 is resistance against “practical attacks”, defined as related-tweak attacks with data complexity 2d less than 230 chosen plaintexts (or 240 known plaintexts), and computational complexity at most 2126−d. We present a key-recovery attack against MANTIS5 with 228 chosen plaintexts and a computational complexity of about 238 block cipher calls, which violates this claim. Our attack is based on a family of differential characteristics and exploits several properties of the lightweight round function and tweakey schedule. To verify the validity of the attack, we also provide a practical implementation which recovers the full key in about 1 core hour using 230 chosen plaintexts.

Originalsprache	englisch
Seiten (von - bis)	248-260
Fachzeitschrift	IACR Transactions on Symmetric Cryptology
Jahrgang	2016
Ausgabenummer	2
DOIs	https://doi.org/10.13154/tosc.v2016.i2.248-260
Publikationsstatus	Veröffentlicht - 2016

Zugriff auf Dokument

10.13154/tosc.v2016.i2.248-260Lizenz: CC BY 4.0

Dieses zitieren

@article{432cbe36e712477da6f1af384a2c37f5,

title = "Practical Key Recovery Attack on MANTIS-5",

abstract = "MANTIS is a lightweight tweakable block cipher published at CRYPTO 2016. In addition to the full 14-round version, MANTIS7, the designers also propose an aggressive 10-round version, MANTIS5. The security claim for MANTIS5 is resistance against “practical attacks”, defined as related-tweak attacks with data complexity 2d less than 230 chosen plaintexts (or 240 known plaintexts), and computational complexity at most 2126−d. We present a key-recovery attack against MANTIS5 with 228 chosen plaintexts and a computational complexity of about 238 block cipher calls, which violates this claim. Our attack is based on a family of differential characteristics and exploits several properties of the lightweight round function and tweakey schedule. To verify the validity of the attack, we also provide a practical implementation which recovers the full key in about 1 core hour using 230 chosen plaintexts.",

author = "Dobraunig, {Christoph Erwin} and Maria Eichlseder and Daniel Kales and Florian Mendel",

year = "2016",

doi = "10.13154/tosc.v2016.i2.248-260",

language = "English",

volume = "2016",

pages = "248--260",

journal = "IACR Transactions on Symmetric Cryptology",

issn = "2519-173X",

publisher = "Ruhr-Universit{\"a}t Bochum",

number = "2",

}

TY - JOUR

T1 - Practical Key Recovery Attack on MANTIS-5

AU - Dobraunig, Christoph Erwin

AU - Eichlseder, Maria

AU - Kales, Daniel

AU - Mendel, Florian

PY - 2016

Y1 - 2016

N2 - MANTIS is a lightweight tweakable block cipher published at CRYPTO 2016. In addition to the full 14-round version, MANTIS7, the designers also propose an aggressive 10-round version, MANTIS5. The security claim for MANTIS5 is resistance against “practical attacks”, defined as related-tweak attacks with data complexity 2d less than 230 chosen plaintexts (or 240 known plaintexts), and computational complexity at most 2126−d. We present a key-recovery attack against MANTIS5 with 228 chosen plaintexts and a computational complexity of about 238 block cipher calls, which violates this claim. Our attack is based on a family of differential characteristics and exploits several properties of the lightweight round function and tweakey schedule. To verify the validity of the attack, we also provide a practical implementation which recovers the full key in about 1 core hour using 230 chosen plaintexts.

AB - MANTIS is a lightweight tweakable block cipher published at CRYPTO 2016. In addition to the full 14-round version, MANTIS7, the designers also propose an aggressive 10-round version, MANTIS5. The security claim for MANTIS5 is resistance against “practical attacks”, defined as related-tweak attacks with data complexity 2d less than 230 chosen plaintexts (or 240 known plaintexts), and computational complexity at most 2126−d. We present a key-recovery attack against MANTIS5 with 228 chosen plaintexts and a computational complexity of about 238 block cipher calls, which violates this claim. Our attack is based on a family of differential characteristics and exploits several properties of the lightweight round function and tweakey schedule. To verify the validity of the attack, we also provide a practical implementation which recovers the full key in about 1 core hour using 230 chosen plaintexts.

U2 - 10.13154/tosc.v2016.i2.248-260

DO - 10.13154/tosc.v2016.i2.248-260

M3 - Article

SN - 2519-173X

VL - 2016

SP - 248

EP - 260

JO - IACR Transactions on Symmetric Cryptology

JF - IACR Transactions on Symmetric Cryptology

IS - 2

ER -

Practical Key Recovery Attack on MANTIS-5

Abstract

Zugriff auf Dokument

Fingerprint

Dieses zitieren