Algebraic Cryptanalysis of Variants of Frit

Christoph Dobraunig, Maria Eichlseder*, Florian Mendel, Markus Schofnegger

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review


Frit is a cryptographic 384-bit permutation recently proposed by Simon et al. and follows a novel design approach for built-in countermeasures against fault attacks. We analyze the cryptanalytic security of Frit in different use cases and propose attacks on the full-round primitive. We show that the inverse of Frit is significantly weaker than Frit from an algebraic perspective, despite the better diffusion of the inverse of the mixing functions Its round function has an effective algebraic degree of only about 1.325. We show how to craft structured input spaces to linearize up to 4 (or, conditionally, 5) rounds and thus further reduce the degree. As a result, we propose very low-dimensional start-in-the-middle zero-sum partitioning distinguishers for unkeyed Frit, as well as integral distinguishers for reduced-round Frit and full-round We also consider keyed Frit variants using Even-Mansour or arbitrary round keys. By using optimized interpolation attacks and symbolically evaluating up to 5 rounds of we obtain key-recovery attacks with a complexity of either chosen plaintexts and time, or chosen ciphertexts and time (about 5 seconds in practice).

Original languageEnglish
Title of host publicationSelected Areas in Cryptography – SAC 2019 - 26th International Conference, Revised Selected Papers
EditorsKenneth G. Paterson, Douglas Stebila
Number of pages22
ISBN (Print)9783030384708
Publication statusPublished - 10 Jan 2020
Event26th International Conference on Selected Areas in Cryptography: SAC 2019 - Waterloo, Canada
Duration: 12 Aug 201916 Aug 2019

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11959 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference26th International Conference on Selected Areas in Cryptography
Abbreviated titleSAC 2019


  • cryptanalysis
  • Frit
  • higher-order differentials
  • interpolation attack
  • Interpolation
  • Cryptanalysis
  • Higher-order differentials

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'Algebraic Cryptanalysis of Variants of Frit'. Together they form a unique fingerprint.

Cite this