Conference paper Open Access

Practical Key-Recovery Attack on MANTIS-5

Christoph Dobraunig; Maria Eichlseder; Daniel Kales; Florian Mendel


MARC21 XML Export

<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="http://www.loc.gov/MARC21/slim">
  <leader>00000nam##2200000uu#4500</leader>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">differential cryptanalysis</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">MANTIS</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">lightweight</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">PRINCE-like ciphers</subfield>
  </datafield>
  <controlfield tag="005">20180103094951.0</controlfield>
  <controlfield tag="001">574265</controlfield>
  <datafield tag="711" ind1=" " ind2=" ">
    <subfield code="d">5-8 March 2017</subfield>
    <subfield code="g">FSE 2017</subfield>
    <subfield code="a">International Conference on Fast Software Encryption</subfield>
    <subfield code="c">Tokyo</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Graz University of Technology</subfield>
    <subfield code="a">Maria Eichlseder</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Graz University of Technology</subfield>
    <subfield code="a">Daniel Kales</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Graz University of Technology</subfield>
    <subfield code="a">Florian Mendel</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">514488</subfield>
    <subfield code="z">md5:3a6a35b3257ed83142a0f3ff5c93c971</subfield>
    <subfield code="u">https://zenodo.org/record/574265/files/TOSC-FSE-Practical-Key-Recovery-TUG.pdf</subfield>
  </datafield>
  <datafield tag="542" ind1=" " ind2=" ">
    <subfield code="l">open</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="y">Conference website</subfield>
    <subfield code="u">http://www.nuee.nagoya-u.ac.jp/labs/tiwata/fse2017/</subfield>
  </datafield>
  <datafield tag="260" ind1=" " ind2=" ">
    <subfield code="c">2017-03-05</subfield>
  </datafield>
  <datafield tag="909" ind1="C" ind2="O">
    <subfield code="p">openaire</subfield>
    <subfield code="p">user-hector</subfield>
    <subfield code="o">oai:zenodo.org:574265</subfield>
  </datafield>
  <datafield tag="100" ind1=" " ind2=" ">
    <subfield code="u">Graz University of Technology</subfield>
    <subfield code="a">Christoph Dobraunig</subfield>
  </datafield>
  <datafield tag="245" ind1=" " ind2=" ">
    <subfield code="a">Practical Key-Recovery Attack on MANTIS-5</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">user-hector</subfield>
  </datafield>
  <datafield tag="536" ind1=" " ind2=" ">
    <subfield code="c">644052</subfield>
    <subfield code="a">HARDWARE ENABLED CRYPTO AND RANDOMNESS</subfield>
  </datafield>
  <datafield tag="540" ind1=" " ind2=" ">
    <subfield code="u">http://creativecommons.org/licenses/by-nc/4.0/legalcode</subfield>
    <subfield code="a">Creative Commons Attribution Non Commercial 4.0 International</subfield>
  </datafield>
  <datafield tag="650" ind1="1" ind2="7">
    <subfield code="a">cc-by</subfield>
    <subfield code="2">opendefinition.org</subfield>
  </datafield>
  <datafield tag="520" ind1=" " ind2=" ">
    <subfield code="a">&lt;p&gt;MANTIS is a lightweight tweakable block cipher published at CRYPTO 2016. In addition to the full 14-round version, MANTIS&lt;sub&gt;7&lt;/sub&gt;, the designers also propose an aggressive 10-round version, MANTIS5. The security claim for MANTIS&lt;sub&gt;5&lt;/sub&gt; is resistance against “practical attacks”, defined as related-tweak attacks with data complexity 2&lt;sup&gt;d&lt;/sup&gt; less than 2&lt;sup&gt;30&lt;/sup&gt; chosen plaintexts (or 2&lt;sup&gt;40&lt;/sup&gt; known plaintexts), and computational complexity at most 2&lt;sup&gt;126−d&lt;/sup&gt;. We present a key-recovery attack against MANTIS&lt;sub&gt;5&lt;/sub&gt; with 2&lt;sup&gt;28&lt;/sup&gt; chosen plaintexts and a&lt;br&gt;
computational complexity of about 2&lt;sup&gt;38&lt;/sup&gt; block cipher calls, which violates this claim. Our attack is based on a family of differential characteristics and exploits several properties of the lightweight round function and tweakey schedule. To verify the validity of the attack, we also provide a practical implementation which recovers the full key in about 1 core hour using 2&lt;sup&gt;30&lt;/sup&gt; chosen plaintexts.&lt;/p&gt;</subfield>
  </datafield>
  <datafield tag="024" ind1=" " ind2=" ">
    <subfield code="a">10.5281/zenodo.574265</subfield>
    <subfield code="2">doi</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">publication</subfield>
    <subfield code="b">conferencepaper</subfield>
  </datafield>
</record>