Improved Meet-in-the-Middle Attacks on Reduced-Round Tweakable Block Cipher Deoxys-BC

Abstract

Abstract Deoxys-BC is an internal tweakable block cipher of the authenticated encryption algorithm Deoxys, which is a third-round finalist in the CAESAR competition. In this paper, we study the property of Deoxys-BC, such as the subtweakey difference cancelation and the freedom of the tweak. Combining the differential enumeration technique with these properties, the authors achieve the key-recovery attacks on Deoxys-BC under the meet-in-the-middle attack. As a result, we get an attack on 9-round Deoxys-BC-128-128 by constructing a 6-round meet-in-the-middle distinguisher with $2^{113}$ plaintext–tweak combinations, $2^{97}$ Deoxys-BC blocks and $2^{121.6}$ 9-round Deoxys-BC-128-128 encryptions. We also present an attack on 11-round Deoxys-BC-256-128 for the first time by constructing a 7-round meet-in-the-middle distinguisher with $2^{113}$ plaintext-tweak combinations, $2^{226}$ Deoxys-BC blocks and $2^{251}$ 11-round Deoxys-BC-256-128 encryptions.