Related-Key Differential Cryptanalysis of Full Round CRAFT

CRAFT is a lightweight tweakable block cipher introduced in FSE 2019. One of the main design criteria of CRAFT is the efficient protection of its implementations against differential fault analysis. While the authors of CRAFT provide several cryptanalysis results in several attack models, they do not claim any security of CRAFT against related-key differential attacks. In this paper, we utilize the simple key schedule of CRAFT to propose a systematic method for constructing several repeatable 2-round related-key differential characteristics with probability \(2^{-2}\). We then employ one of these characteristics to mount a key recovery attack on full-round CRAFT using \(2^{31}\) queries to the encryption oracle and \(2^{85}\) encryptions, and \(2^{41}\) 64-bit blocks of memory.. Additionally, we manage to use 8 related-key differential distinguishers, with 8 related-key differences, in order to mount a key recovery attack on the full-round cipher with \(2^{35.17}\) queries to the encryption oracle, \(2^{32}\) encryptions and about \(2^6\) 64-bit blocks of memory. Furthermore, we present another attack that recovers the whole master key with \(2^{36.09}\) queries to the encryption oracle and only 11 encryptions with \(2^7\) blocks of memory using 16 related-key differential distinguishers.