Conference paper Open Access

Practical Key-Recovery Attack on MANTIS-5

Christoph Dobraunig; Maria Eichlseder; Daniel Kales; Florian Mendel

MANTIS is a lightweight tweakable block cipher published at CRYPTO 2016. In addition to the full 14-round version, MANTIS7, the designers also propose an aggressive 10-round version, MANTIS5. The security claim for MANTIS5 is resistance against “practical attacks”, defined as related-tweak attacks with data complexity 2d less than 230 chosen plaintexts (or 240 known plaintexts), and computational complexity at most 2126−d. We present a key-recovery attack against MANTIS5 with 228 chosen plaintexts and a
computational complexity of about 238 block cipher calls, which violates this claim. Our attack is based on a family of differential characteristics and exploits several properties of the lightweight round function and tweakey schedule. To verify the validity of the attack, we also provide a practical implementation which recovers the full key in about 1 core hour using 230 chosen plaintexts.

Files (514.5 kB)
Name Size
514.5 kB Download
All versions This version
Views 99
Downloads 66
Data volume 3.1 MB3.1 MB
Unique views 99
Unique downloads 66


Cite as