Paper 2016/754
Practical Key Recovery Attack on MANTIS-5
Abstract
MANTIS is a lightweight tweakable block cipher recently published at CRYPTO 2016. In addition to the full 14-round version, MANTIS-7, the designers also propose an aggressive 10-round version, MANTIS-5. The security claim for MANTIS-5 is resistance against "practical attacks", defined as related-tweak attacks with data complexity $2^d$ less than $2^{30}$ chosen plaintexts (or $2^{40}$ known plaintexts), and computational complexity at most $2^{126-d}$. We present a key-recovery attack against MANTIS-5 with $2^{28}$ chosen plaintexts and a computational complexity of about $2^{38}$ block cipher calls, which violates this claim. Our attack is based on a family of differential characteristics and exploits several properties of the lightweight round function and tweakey schedule. To verify the validity of the attack, we also provide a practical implementation which recovers the full key in about 1 core hour using $2^{30}$ chosen plaintexts.
Metadata
- Category: Secret-key cryptography
- Publication info: A minor revision of an IACR publication in TOSC 2016
- DOI: 10.13154/tosc.v2016.i2.248-260
- Keywords: cryptanalysis, MANTIS, PRINCE-like ciphers
- Contact author(s): maria eichlseder @ iaik tugraz at
- History
  - 2024-06-07: last of 2 revisions
  - 2016-08-09: received
- Short URL: https://ia.cr/2016/754
- License: CC BY
BibTeX
@misc{cryptoeprint:2016/754,
  author = {Christoph Dobraunig and Maria Eichlseder and Daniel Kales and Florian Mendel},
  title = {Practical Key Recovery Attack on {MANTIS}-5},
  howpublished = {Cryptology {ePrint} Archive, Paper 2016/754},
  year = {2016},
  doi = {10.13154/tosc.v2016.i2.248-260},
  url = {https://eprint.iacr.org/2016/754}
}