Paper 2022/789

Mind the TWEAKEY Schedule: Cryptanalysis on SKINNYe-64-256

Lingyue Qin, Tsinghua University
Xiaoyang Dong, Tsinghua University
Anyu Wang, Tsinghua University
Jialiang Hua, Tsinghua University
Xiaoyun Wang, Tsinghua University
Abstract

Designing symmetric ciphers for particular applications becomes a hot topic. At EUROCRYPT 2020, Naito, Sasaki and Sugawara invented the threshold implementation friendly cipher SKINNYe-64-256 to meet the requirement of the authenticated encryption PFB_Plus. Soon, Thomas Peyrin pointed out that SKINNYe-64-256 may lose the security expectation due the new tweakey schedule. Although the security issue of SKINNYe-64-256 is still unclear, Naito et al. decided to introduce SKINNYe-64-256 v2 as a response. In this paper, we give a formal cryptanalysis on the new tweakey schedule of SKINNYe-64-256 and discover unexpected differential cancellations in the tweakey schedule. For example, we find the number of cancellations can be up to 8 within 30 consecutive rounds, which is significantly larger than the expected 3 cancellations. Moreover, we take our new discoveries into rectangle, MITM and impossible differential attacks, and adapt the corresponding automatic tools with new constraints from our discoveries. Finally, we find a 41-round related-tweakey rectangle attack on SKINNYe-64-256 and leave a security margin of 3 rounds only. As STK accepts arbitrary tweakey size, but SKINNY and SKINNYe-64-256 v2 only support up to 4n tweakey size. We introduce a new design of tweakey schedule for SKINNY-64 to further extend the supported tweakey size. We give a formal proof that our new tweakey schedule inherits the security requirement of STK and SKINNY. We also discuss possible ways to extend the tweakey size for SKINNY-128.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A major revision of an IACR publication in ASIACRYPT 2022
Keywords
SKINNY TWEAKEY Rectangle Meet-in-the-middle Impossible differential
Contact author(s)
qinly @ tsinghua edu cn
xiaoyangdong @ tsinghua edu cn
anyuwang @ tsinghua edu cn
huajl18 @ mails tsinghua edu cn
xiaoyunwang @ tsinghua edu cn
History
2022-09-09: last of 2 revisions
2022-06-19: received
See all versions
Short URL
https://ia.cr/2022/789
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2022/789,
      author = {Lingyue Qin and Xiaoyang Dong and Anyu Wang and Jialiang Hua and Xiaoyun Wang},
      title = {Mind the TWEAKEY Schedule: Cryptanalysis on SKINNYe-64-256},
      howpublished = {Cryptology ePrint Archive, Paper 2022/789},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/789}},
      url = {https://eprint.iacr.org/2022/789}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.