Abstract

MANTIS is a lightweight tweakable block cipher published at CRYPTO 2016. In addition to the full 14-round version, MANTIS$_7$, the designers also propose an aggressive 10-round version, MANTIS$_5$. The security claim for MANTIS$_5$ is resistance against “practical attacks”, defined as related-tweak attacks with data complexity $2^d$ less than $2^{30}$ chosen plaintexts (or $2^{40}$ known plaintexts), and computational complexity at most $2^{126-d}$. We present a key-recovery attack against MANTIS$_5$ with $2^{28}$ chosen plaintexts and a computational complexity of about $2^{38}$ block cipher calls, which violates this claim. Our attack is based on a family of differential characteristics and exploits several properties of the lightweight round function and tweakey schedule. To verify the validity of the attack, we also provide a practical implementation which recovers the full key in about 1 core hour using $2^{30}$ chosen plaintexts.
