New MILP Modeling: Improved Conditional Cube Attacks to Keccak-based Constructions
Authors
Abstract
In this paper, we provide a new MILP modeling to find better/optimal choices of conditional cubes. These choices generally find new or improved attacks against the keyed constructions based on Keccak permutations, including Keccak-MAC, KMAC, Kravatte, Keyak, and Ketje, in terms of attack complexities or the number of attacked rounds. Specifically, we find new key recovery attacks against KMAC128 and KMAC256, which are the NIST standard way of constructing a MAC from SHA-3, reduced to 7 and 9 rounds respectively. For Kravatte, up to 10 out of 14 rounds can be attacked similarly. The best attack against Lake Keyak with 128-bit keys is improved from 6 to 8 rounds in the nonce respected setting and 9 rounds of Lake Keyak can be attacked if the key size is 256. Attack complexity improvements are found generally on other constructions. To verify the correctness of our attacks, reduced variants of the attacks against KMAC are implemented and tested on a PC practically.
Similar resources
Improved Conditional Cube Attacks on Keccak Keyed Modes with MILP Method
Conditional cube attack is an efficient key-recovery attack on Keccak keyed modes proposed by Huang et al. at EUROCRYPT 2017. By assigning bit conditions, the diffusion of a conditional cube variable is reduced. Then, using a greedy algorithm (Algorithm 4 in Huang et al.’s paper), Huang et al. find some ordinary cube variables, that do not multiply together in the 1st round and do not multiply ...
Conditional Cube Attack on Reduced-Round Keccak Sponge Function
Since Keccak was selected as SHA-3 hash function by NIST, it has attracted considerable attention from cryptographic researchers. Keccak sponge function [1] has also been used to design message authentication codes (MAC) and authenticated encryption (AE) scheme Keyak. Till now, the most efficient key recovery attacks on Keccak-MAC and Keyak are cube attacks and cube-attack-like cryptanalysis pr...
Conditional Cube Attack on Round-Reduced River Keyak
This paper evaluates the security level of the River Keyak against the cube-like attack. River Keyak is the only lightweight scheme of the Keccak-permutation-based Authenticated Encryption Cipher Keyak, which is one of the 16 survivors of the 3rd round CAESAR competition. Dinur et al. gave the seven-round cube-like attack on Lake Keyak (1600-bit) using the divide-and-conquer method at EUROCRYPT ...
Cube Attacks and Cube-Attack-Like Cryptanalysis on the Round-Reduced Keccak Sponge Function
In this paper, we comprehensively study the resistance of keyed variants of SHA-3 (Keccak) against algebraic attacks. This analysis covers a wide range of key recovery, MAC forgery and other types of attacks, breaking up to 9 rounds (out of the full 24) of the Keccak internal permutation much faster than exhaustive search. Moreover, some of our attacks on the 6-round Keccak are completely pract...
Cube-like Attack on Round-Reduced Initialization of Ketje Sr
This paper studies the Keccak-based authenticated encryption (AE) scheme Ketje Sr against cube-like attacks. Ketje is one of the remaining 16 candidates of third round CAESAR competition, whose primary recommendation is Ketje Sr. Although the cube-like method has been successfully applied to Ketje’s sister ciphers, including Keccak-MAC and Keyak – another Keccak-based AE scheme, similar attacks...
Journal title:
- IACR Cryptology ePrint Archive
Volume 2017, Issue
Pages -
Publication date 2017