Conference paper Open Access

Practical Key-Recovery Attack on MANTIS-5

Christoph Dobraunig; Maria Eichlseder; Daniel Kales; Florian Mendel

Dublin Core Export

<?xml version='1.0' encoding='utf-8'?>
<oai_dc:dc xmlns:dc="" xmlns:oai_dc="" xmlns:xsi="" xsi:schemaLocation="">
  <dc:creator>Christoph Dobraunig</dc:creator>
  <dc:creator>Maria Eichlseder</dc:creator>
  <dc:creator>Daniel Kales</dc:creator>
  <dc:creator>Florian Mendel</dc:creator>
  <dc:description>MANTIS is a lightweight tweakable block cipher published at CRYPTO 2016. In addition to the full 14-round version, MANTIS7, the designers also propose an aggressive 10-round version, MANTIS5. The security claim for MANTIS5 is resistance against “practical attacks”, defined as related-tweak attacks with data complexity 2d less than 230 chosen plaintexts (or 240 known plaintexts), and computational complexity at most 2126−d. We present a key-recovery attack against MANTIS5 with 228 chosen plaintexts and a
computational complexity of about 238 block cipher calls, which violates this claim. Our attack is based on a family of differential characteristics and exploits several properties of the lightweight round function and tweakey schedule. To verify the validity of the attack, we also provide a practical implementation which recovers the full key in about 1 core hour using 230 chosen plaintexts.</dc:description>
  <dc:subject>differential cryptanalysis</dc:subject>
  <dc:subject>PRINCE-like ciphers</dc:subject>
  <dc:title>Practical Key-Recovery Attack on MANTIS-5</dc:title>
All versions This version
Views 3434
Downloads 3333
Data volume 17.0 MB17.0 MB
Unique views 3333
Unique downloads 3333


Cite as