Slide Property of RAKAPOSHI and Its Application to Key Recovery Attack

概要

論文の詳細を見る
This paper gives a first security evaluation of a lightweight stream cipher RAKAPOSHI. In particular, we analyze a slide property of RAKAPOSHI such that two different Key-IV pairs generate the same keystream but n-bit shifted. To begin with, we demonstrate that any Key-IV pair has a corresponding slide Key-IV pair that generates an n-bit shifted keystream with a probability of 2-2n. In order to experimentally support our results, some examples of such pairs are given. Then, we show that this property is able to be converted into key recovery attacks on RAKAPOSHI. In the related-key setting, our attack based on the slide property can recover a 128-bit key with a time complexity of 241 and 238 chosen IVs. Moreover, by using a variant of slide property called partial slide pair, this attack is further improved, and then a 128-bit key can be recovered with a time complexity of 233 and 230 chosen IVs. Finally, we present a method for speeding up the brute force attack by a factor of 2 in the single key setting.