Midori64 and Midori128 [2] are lightweight block ciphers, which respectively cipher 64-bit and 128-bit blocks. While several attack models are discussed by the authors of Midori, the authors made no claims concerning the security of Midori against related-key differential attacks. In this attack model, the attacker uses related-key differential characteristics, i.e., tuples (δP, δK, δC) such that a difference (generally computed as a XOR) of δP in the plaintext coupled with a difference δK in the key yields a difference δC after r rounds with a good probability. In this paper, we propose a constraint programming model to automate the search for optimal (in terms of probability) related-key differential characteristics on Midori. Using it, we build related-key distinguishers on the full-round Midori64 and Midori128, and mount key recovery attacks on both versions of the cipher with practical time complexity, respectively 235.8 and 243.7.
CITATION STYLE
Gérault, D., & Lafourcade, P. (2016). Related-key cryptanalysis of Midori. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10095 LNCS, pp. 287–304). Springer Verlag. https://doi.org/10.1007/978-3-319-49890-4_16
Mendeley helps you to discover research relevant for your work.