A 3-Subset Meet-in-the-Middle Attack: Cryptanalysis of the Lightweight Block Cipher KTANTAN

Andrey Bogdanov, Christian Rechberger

    Research output: Contribution to journalConference articleResearchpeer-review

    318 Downloads (Pure)


    In this paper we describe a variant of existing meet-in-the-middle attacks on block ciphers. As an application, we propose meet-in-the-middle attacks that are applicable to the KTANTAN family of block ciphers accepting a key of 80 bits. The attacks are due to sonic weaknesses in its bitwise key schedule(1). We report an attack of time complexity 2(75.170) encryptions on the full KTANTAN32 cipher with only 3 plaintext/ciphertext pairs and well as 2(75.044) encryptions on the full KTANTAN48 and 2(75.584) encryptions on the full KTANTAN69 with 2 plaintext/ciphertext pairs. All these attacks work in the classical attack model without any related keys. In the differential related-key model, we demonstrate 218- and 174- round differentials holding with probability I. This shows that a strong related-key property can translate to a successful attack in the non-related-key setting. Having extremely low data requirements, these attacks are valid even in RFID-like environments where only a very limited amount of text material may be available to an attacker.
    Original languageEnglish
    Book seriesLecture Notes in Computer Science
    Pages (from-to)229-240
    Publication statusPublished - 2011
    Event17th International Workshop on Selected Areas in Cryptography - Waterloo, Canada
    Duration: 12 Aug 201013 Aug 2010
    Conference number: 17


    Workshop17th International Workshop on Selected Areas in Cryptography

    Cite this