Maria Eichlseder

From ESC2017
Title: Practical Key Recovery Attack on MANTIS-5

Abstract: MANTIS is a lightweight tweakable block cipher published at CRYPTO 2016. Based on bounds against linear/differential cryptanalysis, the designers claim that family member MANTIS-5 resists related-tweak attacks with computational complexity at most $2^{126-d}$ for data complexity $2^d$ at most $2^{30}$ chosen plaintexts (or $2^{40}$ known plaintexts). We show how a number of "typical lightweight" properties of the MANTIS round transformations erode the security bounds, resulting in a differential attack that recovers the full 128-bit key in 1 core hour using about $2^{30}$ chosen plaintexts. This is joint work with Christoph Dobraunig, Daniel Kales, and Florian Mendel.