Improved Meet-in-the-Middle Attacks on Reduced-Round Kiasu-BC and Joltik-BC.

Kiasu-BC and Joltik-BC are internal tweakable block ciphers of authenticated encryption algorithms Kiasu and Joltik submitted to the CAESAR competition. Kiasu-BC is a 128-bit block cipher, of which tweak and key sizes are 64 and 128 bits, respectively. Joltik-BC-128 is a 64-bit lightweight block cipher supporting 128 bits tweakey. Its designers recommended the key and tweak sizes are both 64 bits. In this paper, we propose improved meet-in-the-middle attacks on 8-round Kiasu-BC, 9-round and 10-round Joltik-BC-128 by exploiting properties of their structures and using precomputation tables and the differential enumeration. For Kiasu-BC, we build a 5-round distinguisher to attack 8-round Kiasu-BC with |$2^{109}$| plaintext–tweaks, |$2^{112.8}$| encrytions and |$2^{92.91}$| blocks. Compared with previously best known cryptanalytic results on 8-round Kiasu-BC under chosen plaintext attacks, the data and time complexities are reduced by |$2^{7}$| and |$2^{3.2}$| times, respectively. For the recommended version of Joltik-BC-128, we construct a 6-round distinguisher to attack 9-round Joltik-BC-128 with |$2^{53}$| plaintext–tweaks, |$2^{56.6}$| encryptions and |$2^{52.91}$| blocks, respectively. Compared with previously best known results, the data and time complexities are reduced by |$2^7$| and |$2^{5.1}$| times, respectively. In addition, we present a 6.5-round distinguisher to attack 10-round Joltik-BC-128 with |$2^{53}$| plaintext–tweaks, |$2^{101.4}$| encryptions and |$2^{76.91}$| blocks. [ABSTRACT FROM AUTHOR]