Deoxys-BC is an internal tweakable block cipher of the authenticated encryption algorithm Deoxys, which is a third-round finalist in the CAESAR competition. In this paper, we study the property of Deoxys-BC, such as the subtweakey difference cancelation and the freedom of the tweak. Combining the differential enumeration technique with these properties, the authors achieve the key-recovery attacks on Deoxys-BC under the meet-in-the-middle attack. As a result, we get an attack on 9-round Deoxys-BC-128-128 by constructing a 6-round meet-in-the-middle distinguisher with $2^{113}$ plaintext–tweak combinations, $2^{97}$ Deoxys-BC blocks and $2^{121.6}$ 9-round Deoxys-BC-128-128 encryptions. We also present an attack on 11-round Deoxys-BC-256-128 for the first time by constructing a 7-round meet-in-the-middle distinguisher with $2^{113}$ plaintext-tweak combinations, $2^{226}$ Deoxys-BC blocks and $2^{251}$ 11-round Deoxys-BC-256-128 encryptions.

中文翻译：

---

改进了对缩减轮可调整块密码 Deoxys-BC 的中间相遇攻击

Deoxys-BC 是经过身份验证的加密算法 Deoxys 的内部可调整分组密码，该算法是 CAESAR 竞赛的第三轮决赛选手。在本文中，我们研究了 Deoxys-BC 的属性，例如子微调差异消除和微调的自由度。将差分枚举技术与这些特性相结合，作者在中间相遇攻击下实现了对 Deoxys-BC 的密钥恢复攻击。结果，我们通过使用 $2^{113}$ 明文-tweak 组合，$2^{97} $ Deoxys-BC 块和 $2^{121.6}$ 9 轮 Deoxys-BC-128-128 加密。