Published in
Springer, Lecture Notes in Computer Science, p. 308-326, 2011
DOI: 10.1007/978-3-642-25385-0_17
Links
- Springer
- [hal.inria.fr] | PDF
- [orbit.dtu.dk] | PDF
- [eprint.iacr.org] | PDF
- [www.researchgate.net]
- [citeseerx.ist.psu.edu] | PDF
- [citeseerx.ist.psu.edu] | PDF
- [orbit.dtu.dk] | PDF
- [hal.inria.fr] | PDF
Tools
Cryptanalysis of ARMADILLO2
Full text: Download
Abstract
ARMADILLO2 is the recommended variant of a multipurpose cryptographic primitive dedicated to hardware which has been proposed by Badel et al. in [1]. In this paper, we describe a meet-in-the-middle technique relying on the parallel matching algorithm that allows us to invert the ARMADILLO2 function. This makes it possible to perform a key recovery attack when used as a FIL-MAC. A variant of this attack can also be applied to the stream cipher derived from the PRNG mode. Finally we propose a (second) preimage attack when used as a hash function. We have validated our attacks by implementing cryptanalysis on scaled variants. The experimental results match the theoretical complexities. In addition to these attacks, we present a generalization of the parallel matching algorithm, which can be applied in a broader context than attacking ARMADILLO2.