Published in: Designs, Codes and Cryptography 5/2019

09-06-2018

Cryptanalysis of MORUS

Authors: Yanbin Li, Meiqin Wang

Abstract

MORUS is an authenticated cipher submitted to the ongoing CAESAR competition and is one of the 15 candidates that entered the third round. This paper studies the bit-based division property and the differential trails of MORUS-640/1280 with a Mixed Integer Linear Programming (MILP) tool. Key-recovery attacks are mounted on up to 5.5-step MORUS-640 and 6.5-step MORUS-1280 using the cube attack based on the division property proposed by Todo et al. In addition, we take into account the MILP model of a bitwise AND with a constant introduced by Sun et al., which makes the division trails, and hence the resulting integral distinguishers, more accurate. We also obtain 6-step and 6.5-step integral distinguishers for MORUS-640 and MORUS-1280, respectively, and 4.5-step differential distinguishers for MORUS-1280. Compared with previous work, the cryptanalysis in this paper gives the best results in terms of both the number of attacked steps and the required complexity.
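The effect of modelling an AND with a constant can be seen on a toy. The following added example (not code from the paper, and not its MILP model) propagates the bit-based division property through a small MORUS-flavoured step twice: once with the generic AND rule, which treats the constant like any other bit, and once with a constant-aware rule under which AND with a known 1 is the identity and a live trail bit ANDed with a known 0 has no monomial to land in, so the trail is dropped. The 4-bit word size, the step function, the wire names, the single active IV bit and the value of the constant word (standing in for a known constant word of the initial state) are all constructed for this example. Enumerating the reachable vectors set by set is the same search an MILP model of these gates would perform, since the feasible solutions of such a model are exactly the division trails.

```python
"""Bit-based division property through a toy MORUS-like step.

Two AND models are compared: the generic rule (k_out = k1 OR k2, a known
constant treated like any other bit) and a constant-aware rule (AND with a
known 1 is the identity; a live trail bit ANDed with a known 0 has no
monomial to land in, so that trail is discarded). The toy step, the 4-bit
words and the constant word are constructed for this example; none of it
is MORUS or the paper's MILP model.
"""

W = 4  # toy word size (MORUS-640/1280 have five 128-/256-bit state words)


def step_gates(r):
    """Gate list for one toy step r -> r+1, indices taken mod W:
        t_i  = a_i AND b_{i+1}     (MORUS-style nonlinear layer)
        a'_i = a_{i-1} XOR t_i     (rotation and XOR)
        b'_i = b_i XOR a'_{i-1}    (diffusion into the second word)
    Every wire is consumed once; fan-out is an explicit COPY gate."""
    g = []
    for i in range(W):
        g.append(("copy", f"a{i}_{r}", f"a{i}_{r}x", f"a{i}_{r}y"))
        g.append(("copy", f"b{i}_{r}", f"b{i}_{r}x", f"b{i}_{r}y"))
    for i in range(W):
        g.append(("and", f"a{i}_{r}x", f"b{(i + 1) % W}_{r}x", f"t{i}_{r}"))
        g.append(("xor", f"a{(i - 1) % W}_{r}y", f"t{i}_{r}", f"u{i}_{r}"))
        g.append(("copy", f"u{i}_{r}", f"a{i}_{r + 1}", f"u{i}_{r}y"))
    for i in range(W):
        g.append(("xor", f"b{i}_{r}y", f"u{(i - 1) % W}_{r}y", f"b{i}_{r + 1}"))
    return g


def propagate(gates, vectors, consts, const_aware):
    """Push division-property vectors (frozensets of the wires whose bit is 1)
    through the gates. `consts` maps wires holding a known constant to its
    value. The reachable vectors are the endpoints of the division trails."""
    K, consts = set(vectors), dict(consts)
    for op, *arg in gates:
        new = set()
        if op == "copy":
            src, d1, d2 = arg
            if src in consts:
                consts[d1] = consts[d2] = consts[src]
            for k in K:
                rest = k - {src}
                if src in k:                  # COPY: (1) -> (1,0) or (0,1)
                    new.add(rest | {d1})
                    new.add(rest | {d2})
                else:
                    new.add(rest)
        elif op == "xor":
            s1, s2, dst = arg
            if s1 in consts and s2 in consts:
                consts[dst] = consts[s1] ^ consts[s2]
            for k in K:
                n = (s1 in k) + (s2 in k)
                if n == 2:                    # XOR: (1,1) has no single-bit image
                    continue
                rest = k - {s1, s2}
                new.add(rest | {dst} if n else rest)
        elif op == "and":
            s1, s2, dst = arg
            c1, c2 = consts.get(s1), consts.get(s2)
            if c1 is not None and c2 is not None:
                consts[dst] = c1 & c2
            for k in K:
                in1, in2 = s1 in k, s2 in k
                rest = k - {s1, s2}
                if not (in1 or in2):
                    new.add(rest)
                elif const_aware and ((in1 and c2 == 0) or (in2 and c1 == 0)):
                    continue                  # x AND 0 = 0: the trail dies here
                else:
                    new.add(rest | {dst})     # AND: k_out = k1 OR k2
        else:
            raise ValueError(op)
        K = new
    return K, consts


def balanced_bits(steps, cube, consts, const_aware):
    """State bits after `steps` steps whose sum over the cube is provably 0."""
    K, consts = {frozenset(cube)}, dict(consts)
    for r in range(steps):
        K, consts = propagate(step_gates(r), K, consts, const_aware)
    if frozenset() in K:                      # zero vector: nothing is known
        return set()
    outputs = [f"{w}{i}_{steps}" for w in "ab" for i in range(W)]
    return {w for w in outputs if frozenset({w}) not in K}


CUBE = {"a0_0"}                                        # one active IV bit (constructed)
CONSTS = {"b0_0": 1, "b1_0": 0, "b2_0": 1, "b3_0": 0}  # constructed constant word


def distinguisher_steps(const_aware, max_steps=8):
    """Number of steps the integral distinguisher survives under each model."""
    s = 0
    while s < max_steps and balanced_bits(s + 1, CUBE, CONSTS, const_aware):
        s += 1
    return s


if __name__ == "__main__":
    for aware in (False, True):
        print("constant-aware" if aware else "generic", distinguisher_steps(aware))
```

With the constructed constant word, the generic model loses all balanced bits after two steps while the constant-aware model still has balanced bits after three, because the only trail through the first AND gate of the active bit meets a constant 0 and is discarded. The constant-aware set of vectors is always a subset of the generic one, so it can only add balanced bits, never remove any; the same containment is what makes the paper's refined trails "more accurate" rather than merely different.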
Footnotes
1
Note that we cannot find all possible superpolys because of limited computing resources.
 
2
For a cube \(C_I\), there are many values in the constant part of the IV whose corresponding superpoly is balanced (definition of the strong assumption from [20]).
 
Literature
1.
Bellare M., Namprempre C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000).
2.
Dinur I., Shamir A.: Cube attacks on tweakable black box polynomials. In: Joux A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 278–299. Springer, Heidelberg (2009).
3.
Dwivedi A.D., Morawiecki P., Wójtowicz S.: Differential and rotational cryptanalysis of round-reduced MORUS. In: SECRYPT 2017.
4.
Gligor V., Donescu P.: Fast encryption and authentication: XCBC encryption and XECB authentication modes. In: Matsui M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 92–108. Springer, Heidelberg (2002).
6.
Jutla C.: Encryption modes with almost free message integrity. In: Pfitzmann B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 529–544. Springer, Heidelberg (2001).
7.
Mileva A., Dimitrova V., Velichkov V.: Analysis of the authenticated cipher MORUS (v1). In: Pasalic E., Knudsen L.R. (eds.) BalkanCryptSec 2015. LNCS, vol. 9540, Koper, Slovenia, pp. 45–59 (2016).
8.
Mouha N., Wang Q., Gu D., Preneel B.: Differential and linear cryptanalysis using mixed-integer linear programming. In: Wu C.-K., Yung M., Lin D. (eds.) Inscrypt 2011. LNCS, vol. 7537, pp. 57–76. Springer, Heidelberg (2012).
9.
NIST: Advanced Encryption Standard (AES). Federal Information Processing Standards Publication FIPS 197.
10.
Rogaway P.: Authenticated-encryption with associated-data. In: ACM Conference on Computer and Communications Security (CCS-9). ACM Press, New York, pp. 98–107 (2002).
11.
Rogaway P., Bellare M., Black J., Krovetz T.: OCB: a block-cipher mode of operation for efficient authenticated encryption. In: ACM Conference on Computer and Communications Security (CCS-8). ACM Press, New York (2001).
12.
Shi T.R., Guan J., Li J.Z., Zhang P.: Improved collision cryptanalysis of authenticated cipher MORUS. In: AIIE 2016. Advances in Intelligent Systems Research, vol. 133, pp. 429–432.
13.
Sun S., Hu L., Song L., Xie Y., Wang P.: Automatic security evaluation of block ciphers with S-bP structures against related-key differential attacks. In: Lin D., et al. (eds.) Inscrypt 2013. LNCS, vol. 8567, pp. 39–51. Springer, Heidelberg (2013).
14.
Sun S., Hu L., Qiao K., Ma X., Song L.: Automatic security evaluation and (related-key) differential characteristic search: application to SIMON, PRESENT, LBlock, DES(L) and other bit-oriented block ciphers. In: Sarkar P., Iwata T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 158–178. Springer, Heidelberg (2014).
15.
Sun S., Hu L., Wang M., Wang P., Qiao K., Ma X., Shi D., Song L., Fu K.: Towards finding the best characteristics of some bit-oriented block ciphers and automatic enumeration of (related-key) differential and linear characteristics with predefined properties. Cryptology ePrint Archive, Report 2014/747 (2014). https://eprint.iacr.org/
18.
Todo Y.: Structural evaluation by generalized integral property. In: Oswald E., Fischlin M. (eds.) EUROCRYPT 2015, Part I. LNCS, vol. 9056, pp. 287–314. Springer, Heidelberg (2015).
19.
Todo Y., Morii M.: Bit-based division property and application to SIMON family. In: Peyrin T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 357–377. Springer, Heidelberg (2016).
20.
Todo Y., Isobe T., Hao Y.L., Meier W.: Cube attacks on non-blackbox polynomials based on division property. In: Katz J., Shacham H. (eds.) CRYPTO 2017, Part III. LNCS, vol. 10403, pp. 250–279. Springer, Heidelberg (2017).
23.
24.
Xiang Z.J., Zhang W.T., Bao Z.Z., Lin D.D.: Applying MILP method to searching integral distinguishers based on division property for 6 lightweight block ciphers. In: Cheon J.H., Takagi T. (eds.) ASIACRYPT 2016, Part I. LNCS, vol. 10031, pp. 648–678. Springer, Heidelberg (2016).
25.
Zhang P., Guan J., Li J.Z., Shi T.R.: Research on the confusion and diffusion properties of the initialization of MORUS. J. Cryptol. Res. 2(6), 536–548 (2015).
Metadata
Title
Cryptanalysis of MORUS
Authors
Yanbin Li
Meiqin Wang
Publication date
09-06-2018
Publisher
Springer US
Published in
Designs, Codes and Cryptography / Issue 5/2019
Print ISSN: 0925-1022
Electronic ISSN: 1573-7586
DOI
https://doi.org/10.1007/s10623-018-0501-6
