Conference paper Open Access
Practical Key-Recovery Attack on MANTIS-5
Christoph Dobraunig; Maria Eichlseder; Daniel Kales; Florian Mendel
MARC21 XML Export
<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="http://www.loc.gov/MARC21/slim">
<leader>00000nam##2200000uu#4500</leader>
<datafield tag="653" ind1=" " ind2=" ">
<subfield code="a">differential cryptanalysis</subfield>
</datafield>
<datafield tag="653" ind1=" " ind2=" ">
<subfield code="a">MANTIS</subfield>
</datafield>
<datafield tag="653" ind1=" " ind2=" ">
<subfield code="a">lightweight</subfield>
</datafield>
<datafield tag="653" ind1=" " ind2=" ">
<subfield code="a">PRINCE-like ciphers</subfield>
</datafield>
<controlfield tag="005">20200120141045.0</controlfield>
<controlfield tag="001">574265</controlfield>
<datafield tag="711" ind1=" " ind2=" ">
<subfield code="d">5-8 March 2017</subfield>
<subfield code="g">FSE 2017</subfield>
<subfield code="a">International Conference on Fast Software Encryption</subfield>
<subfield code="c">Tokyo</subfield>
</datafield>
<datafield tag="700" ind1=" " ind2=" ">
<subfield code="u">Graz University of Technology</subfield>
<subfield code="a">Maria Eichlseder</subfield>
</datafield>
<datafield tag="700" ind1=" " ind2=" ">
<subfield code="u">Graz University of Technology</subfield>
<subfield code="a">Daniel Kales</subfield>
</datafield>
<datafield tag="700" ind1=" " ind2=" ">
<subfield code="u">Graz University of Technology</subfield>
<subfield code="a">Florian Mendel</subfield>
</datafield>
<datafield tag="856" ind1="4" ind2=" ">
<subfield code="s">514488</subfield>
<subfield code="z">md5:3a6a35b3257ed83142a0f3ff5c93c971</subfield>
<subfield code="u">https://zenodo.org/record/574265/files/TOSC-FSE-Practical-Key-Recovery-TUG.pdf</subfield>
</datafield>
<datafield tag="542" ind1=" " ind2=" ">
<subfield code="l">open</subfield>
</datafield>
<datafield tag="856" ind1="4" ind2=" ">
<subfield code="y">Conference website</subfield>
<subfield code="u">http://www.nuee.nagoya-u.ac.jp/labs/tiwata/fse2017/</subfield>
</datafield>
<datafield tag="260" ind1=" " ind2=" ">
<subfield code="c">2017-03-05</subfield>
</datafield>
<datafield tag="909" ind1="C" ind2="O">
<subfield code="p">openaire</subfield>
<subfield code="p">user-hector</subfield>
<subfield code="o">oai:zenodo.org:574265</subfield>
</datafield>
<datafield tag="100" ind1=" " ind2=" ">
<subfield code="u">Graz University of Technology</subfield>
<subfield code="a">Christoph Dobraunig</subfield>
</datafield>
<datafield tag="245" ind1=" " ind2=" ">
<subfield code="a">Practical Key-Recovery Attack on MANTIS-5</subfield>
</datafield>
<datafield tag="980" ind1=" " ind2=" ">
<subfield code="a">user-hector</subfield>
</datafield>
<datafield tag="536" ind1=" " ind2=" ">
<subfield code="c">644052</subfield>
<subfield code="a">HARDWARE ENABLED CRYPTO AND RANDOMNESS</subfield>
</datafield>
<datafield tag="540" ind1=" " ind2=" ">
<subfield code="u">https://creativecommons.org/licenses/by-nc/4.0/legalcode</subfield>
<subfield code="a">Creative Commons Attribution Non Commercial 4.0 International</subfield>
</datafield>
<datafield tag="650" ind1="1" ind2="7">
<subfield code="a">cc-by</subfield>
<subfield code="2">opendefinition.org</subfield>
</datafield>
<datafield tag="520" ind1=" " ind2=" ">
<subfield code="a"><p>MANTIS is a lightweight tweakable block cipher published at CRYPTO 2016. In addition to the full 14-round version, MANTIS<sub>7</sub>, the designers also propose an aggressive 10-round version, MANTIS5. The security claim for MANTIS<sub>5</sub> is resistance against “practical attacks”, defined as related-tweak attacks with data complexity 2<sup>d</sup> less than 2<sup>30</sup> chosen plaintexts (or 2<sup>40</sup> known plaintexts), and computational complexity at most 2<sup>126−d</sup>. We present a key-recovery attack against MANTIS<sub>5</sub> with 2<sup>28</sup> chosen plaintexts and a<br>
computational complexity of about 2<sup>38</sup> block cipher calls, which violates this claim. Our attack is based on a family of differential characteristics and exploits several properties of the lightweight round function and tweakey schedule. To verify the validity of the attack, we also provide a practical implementation which recovers the full key in about 1 core hour using 2<sup>30</sup> chosen plaintexts.</p></subfield>
</datafield>
<datafield tag="024" ind1=" " ind2=" ">
<subfield code="a">10.5281/zenodo.574265</subfield>
<subfield code="2">doi</subfield>
</datafield>
<datafield tag="980" ind1=" " ind2=" ">
<subfield code="a">publication</subfield>
<subfield code="b">conferencepaper</subfield>
</datafield>
</record>
34
33
views
downloads
| All versions | This version | |
|---|---|---|
| Views | 34 | 34 |
| Downloads | 33 | 33 |
| Data volume | 17.0 MB | 17.0 MB |
| Unique views | 33 | 33 |
| Unique downloads | 33 | 33 |
Indexed in
- Publication date:
- March 5, 2017
- DOI:
-
- Keyword(s):
- differential cryptanalysis MANTIS lightweight PRINCE-like ciphers
- Grants:
-
European Commission:
- HECTOR - HARDWARE ENABLED CRYPTO AND RANDOMNESS (644052)
- Meeting:
- International Conference on Fast Software Encryption (FSE 2017), Tokyo, 5-8 March 2017
- Communities:
- License (for files):
- Creative Commons Attribution Non Commercial 4.0 International