Abstract

In ASIACRYPT 2014, Jean et al. proposed the authentication encryption scheme Deoxys, which is one of the third-round candidates in CAESAR competition. Its internal block cipher is called Deoxys-BC that adopts the tweakey frame. Deoxys-BC has two versions of the tweakey size that are 256 bits and 384 bits, denoted by Deoxys-BC-256 and Deoxys-BC-384, respectively. In this paper, we revaluate the security of Deoxys-BC-256 against the meet-in-the-middle attack to obtain some new results. First, we append one round at the top and two rounds at the bottom of a 6-round distinguisher to form a 9-round truncated differential path with the probability of $2^{-144}$. Based on it, the adversary can attack 9-round Deoxys-BC-256 with $2^{108}$ chosen plaintext-tweaks, $2^{113.6}$ encryptions and $2^{102}$ blocks. Second, we construct a new 6.5-round distinguisher to form 10-round attacking path with the probability of $2^{-152}$. On the basis of it, the adversary could attack 10-round Deoxys-BC-256 with $2^{115}$ chosen plaintext-tweaks, $2^{171}$ encryptions and $2^{152}$ blocks. These two attacks improve the previous cryptanalytic results on reduced-round Deoxys-BC-256 against the meet-in-the-middle attack.

中文翻译：

---

降低圆的Deoxys-BC-256的改进的中间相遇攻击

摘要

在ASIACRYPT 2014中，Jean等人。提出了认证加密方案Deoxys，这是CAESAR竞赛的第三轮候选方案之一。它的内部分组密码称为Deoxys-BC，采用密码框架。Deoxys-BC具有tweakey大小的两个版本，分别为256位和384位，分别由Deoxys-BC-256和Deoxys-BC-384表示。在本文中，我们重新评估了Deoxys-BC-256对中间相遇攻击的安全性，从而获得了一些新的结果。首先，我们在6轮区分符的顶部附加一轮，在底部附加两轮，以形成9轮截断的差分路径，概率为$ 2 ^ {-144} $。基于此，攻击者可以使用$ 2 ^ {108} $个选定的明文调整，$ 2 ^ {113.6} $个加密和$ 2 ^ {102} $个块来攻击9轮Deoxys-BC-256。其次，我们构造一个新的6。5轮判别器形成10轮进攻路径，概率为$ 2 ^ {-152} $。在此基础上，对手可以选择$ 2 ^ {115} $个明文调整，$ 2 ^ {171} $个加密和$ 2 ^ {152} $个块来攻击10轮Deoxys-BC-256。这两种攻击均改进了先前针对抵制中间相遇攻击而在还原轮Deoxys-BC-256上进行的密码分析结果。