Improved Cryptanalysis of Reduced-Version QARMA-64/128

QARMA is a new tweakable block cipher used for memory encryption, the generation of short tags and the construction of the keyed hash functions in future. It adopts a three-round Even-Mansour scheme and supports 64 and 128 bits of block size, denoted by QARMA-64 and QARMA-128, respectively. Their tw...

Full description

Saved in:
Bibliographic Details
Published in:IEEE access Vol. 8; pp. 8361 - 8370
Main Authors: Liu, Ya, Zang, Tiande, Gu, Dawu, Zhao, Fengyu, Li, Wei, Liu, Zhiqiang
Format: Journal Article
Language:English
Published: Piscataway IEEE 2020
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects:
Algorithms
Ciphers
Complexity theory
Computer science
Cryptography
Encryption
impossible differential cryptanalysis
Measurement
meet-in-the-middle attacks
Memory management
QARMA
Redundancy
Schedules
Tweakable block ciphers
tweaks
ISSN:2169-3536, 2169-3536
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:QARMA is a new tweakable block cipher used for memory encryption, the generation of short tags and the construction of the keyed hash functions in future. It adopts a three-round Even-Mansour scheme and supports 64 and 128 bits of block size, denoted by QARMA-64 and QARMA-128, respectively. Their tweak lengths equal the block sizes and their keys are twice as long as the blocks. In this paper, we improve the security analysis of reduced-version QARMA against impossible differential and meet-in-the-middle attacks. Specifically, first exploit some properties of its linear operations and the redundancy of key schedule. Based on them, we propose impossible differential attacks on 11-round QARMA-64/128, and meet-in-the-middle attacks on 10-round symmetric QARMA-128 and the last 12 rounds of asymmetric QARMA-128. Compared with the previously best known results on QARMA-64, our attack can recover 16 more bits of master key with the almost complexities. Compared with the previously best known results on symmetric QARMA-128, the memory complexity of our attack in Section IV is reduced by a factor of 2 48 . Moreover, the meet-in-the-middle attack on 12-round QARMA-128 is the best known attack on QARMA-128 in terms of the number of rounds.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2020.2964259