Cryptanalysis of ARMADILLO2

Publication: Research - peer-review; Article in proceedings; Annual report year: 2011


ARMADILLO2 is the recommended variant of a multi-purpose cryptographic primitive dedicated to hardware which has been proposed by Badel et al. in [1]. In this paper, we describe a meet-in-the-middle technique relying on the parallel matching algorithm that allows us to invert the ARMADILLO2 function. This makes it possible to perform a key recovery attack when used as a FIL-MAC. A variant of this attack can also be applied to the stream cipher derived from the PRNG mode. Finally, we propose a (second) preimage attack when used as a hash function. We have validated our attacks by implementing cryptanalysis on scaled variants. The experimental results match the theoretical complexities. In addition to these attacks, we present a generalization of the parallel matching algorithm, which can be applied in a broader context than attacking ARMADILLO2.
Original language: English
Title of host publication: Advances in Cryptology
Editors: Dong Hoon Lee, Xiaoyun Wang
Publication date: 2011
ISBN (print): 978-3-642-25384-3
State: Published - 2011


Conference: 17th International Conference on the Theory and Application of Cryptology and Information Security
City: Seoul, South Korea
Period: 01/01/2011 → …
Name: Lecture Notes in Computer Science


Keywords: Preimage attack, Parallel matching algorithm, Meet-in-the-middle, ARMADILLO2, Key recovery attack

ID: 6438043