Improved Cryptanalysis of Reduced-Version QARMA-64/128

Ya Liu, Tiande Zang, Dawu Gu, Fengyu Zhao, Wei Li, Zhiqiang Liu
2020 IEEE Access  
QARMA is a new tweakable block cipher used for memory encryption, the generation of short tags and the construction of the keyed hash functions in future. It adopts a three-round Even-Mansour scheme and supports 64 and 128 bits of block size, denoted by QARMA-64 and QARMA-128, respectively. Their tweak lengths equal the block sizes and their keys are twice as long as the blocks. In this paper, we improve the security analysis of reduced-version QARMA against impossible differential and
more » ... he-middle attacks. Specifically, first exploit some properties of its linear operations and the redundancy of key schedule. Based on them, we propose impossible differential attacks on 11-round QARMA-64/128, and meet-in-themiddle attacks on 10-round symmetric QARMA-128 and the last 12 rounds of asymmetric QARMA-128. Compared with the previously best known results on QARMA-64, our attack can recover 16 more bits of master key with the almost complexities. Compared with the previously best known results on symmetric QARMA-128, the memory complexity of our attack in Section IV is reduced by a factor of 2 48 . Moreover, the meet-in-the-middle attack on 12-round QARMA-128 is the best known attack on QARMA-128 in terms of the number of rounds. INDEX TERMS Tweakable block ciphers, QARMA, meet-in-the-middle attacks, impossible differential cryptanalysis, tweaks.
doi:10.1109/access.2020.2964259 fatcat:74b6oykv2fdffic6jroyrj6m5e