Improved Cryptanalysis of Reduced-Version QARMA-64/128
QARMA is a new tweakable block cipher used for memory encryption, the generation of short tags and the construction of keyed hash functions in the future. It adopts a three-round Even-Mansour scheme and supports 64 and 128 bits of block size, denoted by QARMA-64 and QARMA-128, respectively. Their tweak lengths equal the block sizes and their keys are twice as long as the blocks. In this paper, we improve the security analysis of reduced-version QARMA against impossible differential and meet-in-the-middle attacks. Specifically, we first exploit some properties of its linear operations and the redundancy of its key schedule. Based on them, we propose impossible differential attacks on 11-round QARMA-64/128, and meet-in-the-middle attacks on 10-round symmetric QARMA-128 and the last 12 rounds of asymmetric QARMA-128. Compared with the previously best known results on QARMA-64, our attack can recover 16 more bits of the master key with almost the same complexities. Compared with the previously best known results on symmetric QARMA-128, the memory complexity of our attack in Section IV is reduced by a factor of 2^48. Moreover, the meet-in-the-middle attack on 12-round QARMA-128 is the best known attack on QARMA-128 in terms of the number of rounds.

| Field | Value |
|---|---|
| Main Authors | Ya Liu (ORCID 0000-0001-5175-2657), Department of Computer Science and Technology, University of Shanghai for Science and Technology, Shanghai, China; Tiande Zang (ORCID 0000-0003-0769-9240), Department of Computer Science and Technology, University of Shanghai for Science and Technology, Shanghai, China; Dawu Gu (ORCID 0000-0002-0504-9538), Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China; Fengyu Zhao (ORCID 0000-0002-4783-290X), Department of Computer Science and Technology, University of Shanghai for Science and Technology, Shanghai, China; Wei Li (ORCID 0000-0003-0887-3116), School of Computer Science and Technology, Donghua University, Shanghai, China; Zhiqiang Liu (ORCID 0000-0002-0846-4825), Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China |
| Format | Article |
| Language | English |
| Published | IEEE, 2020-01-01 |
| Series | IEEE Access, vol. 8, pp. 8361-8370 |
| ISSN | 2169-3536 |
| DOI | 10.1109/ACCESS.2020.2964259 |
| Subjects | Tweakable block ciphers; QARMA; meet-in-the-middle attacks; impossible differential cryptanalysis; tweaks |
| Online Access | https://ieeexplore.ieee.org/document/8950388/ |
| Source | DOAJ (record id doaj-48db38cd529b49b3b77b209e27e563a8) |