< Back to previous page


Rotational Cryptanalysis on MAC Algorithm Chaskey

Book Contribution - Book Chapter Conference Contribution

In this paper we generalize the Markov theory with respect to a relation between two plaintexts and not their difference and apply it for rotational pairs. We perform a related-key attack over Chaskey- a lightweight MAC algorithm for 32-bit micro controllers - and find a distinguisher by using rotational probabilities. Having a message m we can forge and present a valid tag for some message under a related key with probability \(2^{-57}\) for 8 rounds and \(2^{-86}\) for all 12 rounds of the permutation for keys in a defined weak-key class. This attack can be extended to full key recovery with complexity \(2^{120}\) for the full number of rounds.
Book: ACNS 2020: Applied Cryptography and Network Security
Pages: 153 - 168
Number of pages: 16