Algebraic Meet-in-the-Middle Attack on LowMC

Fukang Liu; Santanu Sarkar; Gaoli Wang; Willi Meier; Takanori Isobe

doi:10.1007/978-3-031-22963-3_8

Algebraic Meet-in-the-Middle Attack on LowMC

Fukang Liu^*
, Santanu Sarkar
, Gaoli Wang
, Willi Meier
, Takanori Isobe

^*Corresponding author for this work

Software Engineering Institute

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

18 Scopus citations

Abstract

By exploiting the feature of partial nonlinear layers, we propose a new technique called algebraic meet-in-the-middle (MITM) attack to analyze the security of LowMC, which can reduce the memory complexity of the simple difference enumeration attack over the state-of-the-art. Moreover, while an efficient algebraic technique to retrieve the full key from a differential trail of LowMC has been proposed at CRYPTO 2021, its time complexity is still exponential in the key size. In this work, we show how to reduce it to constant time when there are a sufficiently large number of active S-boxes in the trail. With the above new techniques, the attacks on LowMC and LowMC-M published at CRYPTO 2021 are further improved, and some LowMC instances could be broken for the first time. Our results seem to indicate that partial nonlinear layers are still not well-understood.

Original language	English
Title of host publication	Advances in Cryptology – ASIACRYPT 2022 - 28th International Conference on the Theory and Application of Cryptology and Information Security, 2022, Proceedings
Editors	Shweta Agrawal, Dongdai Lin
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	225-255
Number of pages	31
ISBN (Print)	9783031229626
DOIs	https://doi.org/10.1007/978-3-031-22963-3_8
State	Published - 2022
Event	28th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2022 - Taipei, Taiwan, Province of China Duration: 5 Dec 2022 → 9 Dec 2022

Publication series

Name	Lecture Notes in Computer Science
Volume	13791 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	28th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2022
Country/Territory	Taiwan, Province of China
City	Taipei
Period	5/12/22 → 9/12/22

Keywords

Algebraic attack
Key recovery
Linearization
LowMC
LowMC-M
Meet-in-the-middle

Access to Document

10.1007/978-3-031-22963-3_8

Cite this

Liu, F., Sarkar, S., Wang, G., Meier, W., & Isobe, T. (2022). Algebraic Meet-in-the-Middle Attack on LowMC. In S. Agrawal, & D. Lin (Eds.), Advances in Cryptology – ASIACRYPT 2022 - 28th International Conference on the Theory and Application of Cryptology and Information Security, 2022, Proceedings (pp. 225-255). (Lecture Notes in Computer Science; Vol. 13791 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-22963-3_8

Liu, Fukang ; Sarkar, Santanu ; Wang, Gaoli et al. / Algebraic Meet-in-the-Middle Attack on LowMC. Advances in Cryptology – ASIACRYPT 2022 - 28th International Conference on the Theory and Application of Cryptology and Information Security, 2022, Proceedings. editor / Shweta Agrawal ; Dongdai Lin. Springer Science and Business Media Deutschland GmbH, 2022. pp. 225-255 (Lecture Notes in Computer Science).

@inproceedings{3d2fd99ed665466bb98d9ea6fc3dd461,

title = "Algebraic Meet-in-the-Middle Attack on LowMC",

abstract = "By exploiting the feature of partial nonlinear layers, we propose a new technique called algebraic meet-in-the-middle (MITM) attack to analyze the security of LowMC, which can reduce the memory complexity of the simple difference enumeration attack over the state-of-the-art. Moreover, while an efficient algebraic technique to retrieve the full key from a differential trail of LowMC has been proposed at CRYPTO 2021, its time complexity is still exponential in the key size. In this work, we show how to reduce it to constant time when there are a sufficiently large number of active S-boxes in the trail. With the above new techniques, the attacks on LowMC and LowMC-M published at CRYPTO 2021 are further improved, and some LowMC instances could be broken for the first time. Our results seem to indicate that partial nonlinear layers are still not well-understood.",

keywords = "Algebraic attack, Key recovery, Linearization, LowMC, LowMC-M, Meet-in-the-middle",

author = "Fukang Liu and Santanu Sarkar and Gaoli Wang and Willi Meier and Takanori Isobe",

note = "Publisher Copyright: {\textcopyright} 2022, International Association for Cryptologic Research.; 28th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2022 ; Conference date: 05-12-2022 Through 09-12-2022",

year = "2022",

doi = "10.1007/978-3-031-22963-3\_8",

language = "英语",

isbn = "9783031229626",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "225--255",

editor = "Shweta Agrawal and Dongdai Lin",

booktitle = "Advances in Cryptology – ASIACRYPT 2022 - 28th International Conference on the Theory and Application of Cryptology and Information Security, 2022, Proceedings",

address = "德国",

}

Liu, F, Sarkar, S, Wang, G, Meier, W & Isobe, T 2022, Algebraic Meet-in-the-Middle Attack on LowMC. in S Agrawal & D Lin (eds), Advances in Cryptology – ASIACRYPT 2022 - 28th International Conference on the Theory and Application of Cryptology and Information Security, 2022, Proceedings. Lecture Notes in Computer Science, vol. 13791 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 225-255, 28th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2022, Taipei, Taiwan, Province of China, 5/12/22. https://doi.org/10.1007/978-3-031-22963-3_8

Algebraic Meet-in-the-Middle Attack on LowMC. / Liu, Fukang; Sarkar, Santanu; Wang, Gaoli et al.
Advances in Cryptology – ASIACRYPT 2022 - 28th International Conference on the Theory and Application of Cryptology and Information Security, 2022, Proceedings. ed. / Shweta Agrawal; Dongdai Lin. Springer Science and Business Media Deutschland GmbH, 2022. p. 225-255 (Lecture Notes in Computer Science; Vol. 13791 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Algebraic Meet-in-the-Middle Attack on LowMC

AU - Liu, Fukang

AU - Sarkar, Santanu

AU - Wang, Gaoli

AU - Meier, Willi

AU - Isobe, Takanori

PY - 2022

Y1 - 2022

N2 - By exploiting the feature of partial nonlinear layers, we propose a new technique called algebraic meet-in-the-middle (MITM) attack to analyze the security of LowMC, which can reduce the memory complexity of the simple difference enumeration attack over the state-of-the-art. Moreover, while an efficient algebraic technique to retrieve the full key from a differential trail of LowMC has been proposed at CRYPTO 2021, its time complexity is still exponential in the key size. In this work, we show how to reduce it to constant time when there are a sufficiently large number of active S-boxes in the trail. With the above new techniques, the attacks on LowMC and LowMC-M published at CRYPTO 2021 are further improved, and some LowMC instances could be broken for the first time. Our results seem to indicate that partial nonlinear layers are still not well-understood.

AB - By exploiting the feature of partial nonlinear layers, we propose a new technique called algebraic meet-in-the-middle (MITM) attack to analyze the security of LowMC, which can reduce the memory complexity of the simple difference enumeration attack over the state-of-the-art. Moreover, while an efficient algebraic technique to retrieve the full key from a differential trail of LowMC has been proposed at CRYPTO 2021, its time complexity is still exponential in the key size. In this work, we show how to reduce it to constant time when there are a sufficiently large number of active S-boxes in the trail. With the above new techniques, the attacks on LowMC and LowMC-M published at CRYPTO 2021 are further improved, and some LowMC instances could be broken for the first time. Our results seem to indicate that partial nonlinear layers are still not well-understood.

KW - Algebraic attack

KW - Key recovery

KW - Linearization

KW - LowMC

KW - LowMC-M

KW - Meet-in-the-middle

UR - https://www.scopus.com/pages/publications/85149698537

U2 - 10.1007/978-3-031-22963-3_8

DO - 10.1007/978-3-031-22963-3_8

M3 - 会议稿件

AN - SCOPUS:85149698537

SN - 9783031229626

T3 - Lecture Notes in Computer Science

SP - 225

EP - 255

BT - Advances in Cryptology – ASIACRYPT 2022 - 28th International Conference on the Theory and Application of Cryptology and Information Security, 2022, Proceedings

A2 - Agrawal, Shweta

A2 - Lin, Dongdai

PB - Springer Science and Business Media Deutschland GmbH

T2 - 28th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2022

Y2 - 5 December 2022 through 9 December 2022

ER -

Liu F, Sarkar S, Wang G, Meier W, Isobe T. Algebraic Meet-in-the-Middle Attack on LowMC. In Agrawal S, Lin D, editors, Advances in Cryptology – ASIACRYPT 2022 - 28th International Conference on the Theory and Application of Cryptology and Information Security, 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. p. 225-255. (Lecture Notes in Computer Science). doi: 10.1007/978-3-031-22963-3_8