Christoph Dobraunig
Maria Eichlseder
Daniel Kales
Florian Mendel
2017-03-05
<p>MANTIS is a lightweight tweakable block cipher published at CRYPTO 2016. In addition to the full 14-round version, MANTIS<sub>7</sub>, the designers also propose an aggressive 10-round version, MANTIS<sub>5</sub>. The security claim for MANTIS<sub>5</sub> is resistance against “practical attacks”, defined as related-tweak attacks with data complexity 2<sup>d</sup> less than 2<sup>30</sup> chosen plaintexts (or 2<sup>40</sup> known plaintexts), and computational complexity at most 2<sup>126−d</sup>. We present a key-recovery attack against MANTIS<sub>5</sub> with 2<sup>28</sup> chosen plaintexts and a computational complexity of about 2<sup>38</sup> block cipher calls, which violates this claim. Our attack is based on a family of differential characteristics and exploits several properties of the lightweight round function and tweakey schedule. To verify the validity of the attack, we also provide a practical implementation which recovers the full key in about 1 core hour using 2<sup>30</sup> chosen plaintexts.</p>
https://doi.org/10.5281/zenodo.574265
oai:zenodo.org:574265
Zenodo
https://zenodo.org/communities/hector
https://zenodo.org/communities/eu
https://doi.org/
info:eu-repo/semantics/openAccess
Creative Commons Attribution Non Commercial 4.0 International
https://creativecommons.org/licenses/by-nc/4.0/legalcode
FSE 2017, International Conference on Fast Software Encryption, Tokyo, 5-8 March 2017
differential cryptanalysis
MANTIS
lightweight
PRINCE-like ciphers
Practical Key-Recovery Attack on MANTIS-5
info:eu-repo/semantics/conferencePaper