A higher order key partitioning attack with application to LBlock

Abstract

In this paper, we present a higher order key partitioning meet-in-the-middle attack. Our attack is inspired by biclique cryptanalysis combined with higher order partitioning of the key. More precisely, we employ more than two equally sized disjoint sets of the key and drop the restrictions on the key partitioning process required for building the initial biclique structure. In other words, we start the recomputation phase of the attack from the input plaintext directly, which can be regarded as a Meet-in-the-Middle-attack where the tested keys have a predefined relation. Applying our approach on LBlock allows us to present a known plaintext attack on the full thirty two round cipher with time complexity of 278.338 and negligible memory requirements. The data complexity of the attack is two plaintext-ciphertext pairs, which is the minimum theoretical data requirements attributed to the unicity distance of the cipher. Surprisingly, our results on the full LBlock are better, in terms of both computational and data complexity, than the results of its biclique cryptanalysis.