Abstract
Deoxys is a third-round candidate of the CAESAR authenticated encryption competition. In this paper, we present the first cryptanalysis of Deoxys in the single-key model. Specifically, we propose a multiple impossible differentials attack of 8-round Deoxys-BC-256, which can reuse the plaintexts to sieve subkeys, so that the sieving efficiency can be improved. Meanwhile, we improve the process of sieving subkeys and utilize various techniques, including tweak schedule considerations, early abort technique, the new early abort technique, and so on, which help to reduce the complexity. The time, memory, and data complexities are 2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">123.9</sup> memory accesses, 2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">99.2</sup> bytes, and 2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">117</sup> chosen plaintexts, respectively.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
