Funding: supported by the Natural Science Foundation of China under grants 60970119 and 60833008; the National Basic Research Program of China (973) under grant 2007CB311201; the Fundamental Research Funds for the Central Universities under grant K50510010018.
Abstract: A new 5-round distinguisher of AES with key whitening is presented by using the properties of its round transformation. Based on this distinguisher, we present new meet-in-the-middle attacks on reduced AES that take the key schedule and the time-memory tradeoff approach into account. The new attacks improve the best known meet-in-the-middle attacks on reduced AES presented at FSE 2008. We reduce the time complexity of attacks on 7-round AES-192 and 8-round AES-256 by a factor of at least 28. Moreover, the distinguisher can be exploited to develop an attack on 8-round AES-192.
Funding: the National Natural Science Foundation of China (No. 61272434); the Natural Science Foundation of Shandong Province (Nos. ZR2011FQ032 and ZR2012FM004); the Project of Shandong Province Higher Educational Science and Technology Program (No. J11LG33); the Project of Senior Visiting Scholar of Shandong Province.
Abstract: We investigate the lightweight block cipher family KATAN, which consists of three variants with 32-, 48- and 64-bit block sizes, called KATAN32, KATAN48 and KATAN64 respectively; all three variants have the same key length of 80 bits. On the basis of the bit-oriented fault model and the differential analysis principle, we describe an attack that combines a differential fault attack with the meet-in-the-middle (MITM) attack on KATAN32. More precisely, by inducing a fault at a single bit, we can recover some linear differential fault equations on the key bits. When solving these equations, no computer is needed: algebraic deduction alone yields relations among some key bits, and the complexity of this step is negligible. The secret key of the full cipher can be recovered faster than exhaustive search for all three block sizes in the KATAN family. Our result shows that KATAN32 is vulnerable.
Funding: supported by the National Basic Research Program of China under Grant No. 2013CB338002; the National Natural Science Foundation of China under Grant No. 61502526.
Abstract: As in the classical meet-in-the-middle algorithm, storage and computation complexity are the key factors that decide the efficiency of the quantum meet-in-the-middle algorithm. Aiming at a target vector of fixed weight, and based on the quantum meet-in-the-middle algorithm, an algorithm for searching all n-product vectors with the same weight is presented, whose complexity is better than that of the exhaustive search algorithm; it also reduces the storage complexity of the quantum meet-in-the-middle search algorithm. Then, based on this algorithm and the knapsack vector of fixed weight d of the Chor-Rivest public-key cryptosystem, we present a general quantum meet-in-the-middle search algorithm based on a target solution of fixed weight, whose computational complexity is $\sum_{j=0}^{d}\Big(O\big((C_{n-k+1}^{d-j})^{1/2}\big)+O\big(C_{k}^{j}\log C_{k}^{j}\big)\Big)$ with $\sum_{i=0}^{d} C_{k}^{i}$ memory cost, and the optimal value of k is given. Compared to the quantum meet-in-the-middle search algorithm for the knapsack problem and the quantum algorithm for searching a target solution of fixed weight, the computational complexity of the algorithm is lower, and its storage complexity is smaller than that of the quantum meet-in-the-middle algorithm.
Funding: the National Natural Science Foundation of China (Nos. 60573032, 60773092 and 61073149); the Research Fund for the Doctoral Program of Higher Education of China (No. 20090073110027); the Fund for the Key Laboratory of Information Network Security of the Ministry of Public Security.
Abstract: HAVAL is a hash function proposed by Zheng et al. in 1992, with 3-, 4- and 5-pass versions. We improve the pseudo-preimage and preimage attacks on 3-pass HAVAL to complexities of $2^{172}$ and $2^{209.6}$ respectively, compared to the previous best known results of $2^{192}$ and $2^{225}$ by Sasaki et al. in 2008. We extend the skip interval for partial-matching and apply the initial-structure technique to find better message chunks, and combine the indirect-partial-matching, partial-fixing and multi-neutral-word partial-fixing techniques to improve the attacks based on the meet-in-the-middle method. These are the best pseudo-preimage and preimage attacks on 3-pass HAVAL.