Cryptanalysis of the full MMB block cipher. (English) Zbl 1267.94101
Jacobson, Michael J. jun. (ed.) et al., Selected areas in cryptography. 16th annual international workshop, SAC 2009, Calgary, Alberta, Canada, August 13–14, 2009. Revised selected papers. Berlin: Springer (ISBN 978-3-642-05443-3/pbk). Lecture Notes in Computer Science 5867, 231-248 (2009).
Summary: The block cipher MMB was designed by Daemen, Govaerts and Vandewalle, in 1993, as an alternative to the IDEA block cipher. We exploit and describe unusual properties of the modular multiplication in \({\mathbb Z}_{2^{32}-1}\), which lead to a differential attack on the full 6-round MMB cipher (both versions 1.0 and 2.0). Further contributions of this paper include detailed square and linear cryptanalysis of MMB. Concerning differential cryptanalysis (DC), we can break the full MMB with \(2^{118}\) chosen plaintexts, \(2^{95.91}\) 6-round MMB encryptions and \(2^{64}\) counters, effectively bypassing the cipher’s countermeasures against DC. For the square attack, we can recover the 128-bit user key for 4-round MMB with \(2^{34}\) chosen plaintexts, \(2^{126.32}\) 4-round encryptions and \(2^{64}\) memory blocks. Concerning linear cryptanalysis, we present a key-recovery attack on 3-round MMB requiring \(2^{114.56}\) known plaintexts and \(2^{126}\) encryptions. Moreover, we detail a ciphertext-only attack on 2-round MMB using \(2^{93.6}\) ciphertexts and \(2^{93.6}\) parity computations. These attacks do not depend on weak-key or weak-subkey assumptions, and are thus independent of the key schedule algorithm.
For the entire collection see [Zbl 1177.94012].

94A60 Cryptography