Conference paper Open Access
Christoph Dobraunig; Maria Eichlseder; Daniel Kales; Florian Mendel
<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="http://www.loc.gov/MARC21/slim">
  <leader>00000nam##2200000uu#4500</leader>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">differential cryptanalysis</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">MANTIS</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">lightweight</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">PRINCE-like ciphers</subfield>
  </datafield>
  <controlfield tag="005">20200120141045.0</controlfield>
  <controlfield tag="001">574265</controlfield>
  <datafield tag="711" ind1=" " ind2=" ">
    <subfield code="d">5-8 March 2017</subfield>
    <subfield code="g">FSE 2017</subfield>
    <subfield code="a">International Conference on Fast Software Encryption</subfield>
    <subfield code="c">Tokyo</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Graz University of Technology</subfield>
    <subfield code="a">Maria Eichlseder</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Graz University of Technology</subfield>
    <subfield code="a">Daniel Kales</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Graz University of Technology</subfield>
    <subfield code="a">Florian Mendel</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">514488</subfield>
    <subfield code="z">md5:3a6a35b3257ed83142a0f3ff5c93c971</subfield>
    <subfield code="u">https://zenodo.org/record/574265/files/TOSC-FSE-Practical-Key-Recovery-TUG.pdf</subfield>
  </datafield>
  <datafield tag="542" ind1=" " ind2=" ">
    <subfield code="l">open</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="y">Conference website</subfield>
    <subfield code="u">http://www.nuee.nagoya-u.ac.jp/labs/tiwata/fse2017/</subfield>
  </datafield>
  <datafield tag="260" ind1=" " ind2=" ">
    <subfield code="c">2017-03-05</subfield>
  </datafield>
  <datafield tag="909" ind1="C" ind2="O">
    <subfield code="p">openaire</subfield>
    <subfield code="p">user-hector</subfield>
    <subfield code="o">oai:zenodo.org:574265</subfield>
  </datafield>
  <datafield tag="100" ind1=" " ind2=" ">
    <subfield code="u">Graz University of Technology</subfield>
    <subfield code="a">Christoph Dobraunig</subfield>
  </datafield>
  <datafield tag="245" ind1=" " ind2=" ">
    <subfield code="a">Practical Key-Recovery Attack on MANTIS-5</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">user-hector</subfield>
  </datafield>
  <datafield tag="536" ind1=" " ind2=" ">
    <subfield code="c">644052</subfield>
    <subfield code="a">HARDWARE ENABLED CRYPTO AND RANDOMNESS</subfield>
  </datafield>
  <datafield tag="540" ind1=" " ind2=" ">
    <subfield code="u">https://creativecommons.org/licenses/by-nc/4.0/legalcode</subfield>
    <subfield code="a">Creative Commons Attribution Non Commercial 4.0 International</subfield>
  </datafield>
  <datafield tag="650" ind1="1" ind2="7">
    <subfield code="a">cc-by</subfield>
    <subfield code="2">opendefinition.org</subfield>
  </datafield>
  <datafield tag="520" ind1=" " ind2=" ">
    <subfield code="a"><p>MANTIS is a lightweight tweakable block cipher published at CRYPTO 2016. In addition to the full 14-round version, MANTIS<sub>7</sub>, the designers also propose an aggressive 10-round version, MANTIS<sub>5</sub>. The security claim for MANTIS<sub>5</sub> is resistance against “practical attacks”, defined as related-tweak attacks with data complexity 2<sup>d</sup> less than 2<sup>30</sup> chosen plaintexts (or 2<sup>40</sup> known plaintexts), and computational complexity at most 2<sup>126−d</sup>. We present a key-recovery attack against MANTIS<sub>5</sub> with 2<sup>28</sup> chosen plaintexts and a computational complexity of about 2<sup>38</sup> block cipher calls, which violates this claim. Our attack is based on a family of differential characteristics and exploits several properties of the lightweight round function and tweakey schedule. To verify the validity of the attack, we also provide a practical implementation which recovers the full key in about 1 core hour using 2<sup>30</sup> chosen plaintexts.</p></subfield>
  </datafield>
  <datafield tag="024" ind1=" " ind2=" ">
    <subfield code="a">10.5281/zenodo.574265</subfield>
    <subfield code="2">doi</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">publication</subfield>
    <subfield code="b">conferencepaper</subfield>
  </datafield>
</record>