{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,29]],"date-time":"2025-10-29T03:48:21Z","timestamp":1761709701064},"reference-count":24,"publisher":"Oxford University Press (OUP)","issue":"12","license":[{"start":{"date-parts":[[2020,6,22]],"date-time":"2020-06-22T00:00:00Z","timestamp":1592784000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/journals\/pages\/open_access\/funder_policies\/chorus\/standard_publication_model"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,12,17]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>In ASIACRYPT 2014, Jean et al. proposed the authentication encryption scheme Deoxys, which is one of the third-round candidates in CAESAR competition. Its internal block cipher is called Deoxys-BC that adopts the tweakey frame. Deoxys-BC has two versions of the tweakey size that are 256 bits and 384 bits, denoted by Deoxys-BC-256 and Deoxys-BC-384, respectively. In this paper, we revaluate the security of Deoxys-BC-256 against the meet-in-the-middle attack to obtain some new results. First, we append one round at the top and two rounds at the bottom of a 6-round distinguisher to form a 9-round truncated differential path with the probability of $2^{-144}$. Based on it, the adversary can attack 9-round Deoxys-BC-256 with $2^{108}$ chosen plaintext-tweaks, $2^{113.6}$ encryptions and $2^{102}$ blocks. Second, we construct a new 6.5-round distinguisher to form 10-round attacking path with the probability of $2^{-152}$. On the basis of it, the adversary could attack 10-round Deoxys-BC-256 with $2^{115}$ chosen plaintext-tweaks, $2^{171}$ encryptions and $2^{152}$ blocks. These two attacks improve the previous cryptanalytic results on reduced-round Deoxys-BC-256 against the meet-in-the-middle attack.<\/jats:p>","DOI":"10.1093\/comjnl\/bxaa028","type":"journal-article","created":{"date-parts":[[2020,2,28]],"date-time":"2020-02-28T07:18:34Z","timestamp":1582874314000},"page":"1859-1870","source":"Crossref","is-referenced-by-count":7,"title":["Improved Meet-in-the-Middle Attacks on Reduced-Round Deoxys-BC-256"],"prefix":"10.1093","volume":"63","author":[{"given":"Ya","family":"Liu","sequence":"first","affiliation":[{"name":"Department of Computer Science and Engineering University of Shanghai for Science and Technology, Shanghai 200093, China"},{"name":"Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bing","family":"Shi","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering University of Shanghai for Science and Technology, Shanghai 200093, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dawu","family":"Gu","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fengyu","family":"Zhao","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering University of Shanghai for Science and Technology, Shanghai 200093, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wei","family":"Li","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Donghua University, Shanghai 201620, China"},{"name":"Shanghai Key Laboratory of Scalable Computing and Systems, Shanghai, 200240, China"},{"name":"Shanghai Key Laboratory of Integrate Adminstration Technologies for Information Security, Shanghai 200240, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhiqiang","family":"Liu","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"286","published-online":{"date-parts":[[2020,6,22]]},"reference":[{"key":"2020121207433970200_ref1"},{"journal-title":"Deoxys v1.41","author":"Jean","key":"2020121207433970200_ref2"},{"key":"2020121207433970200_ref3","first-page":"274","article-title":"Tweaks and Keys for Block Ciphers: The TWEAKEY Framework","volume-title":"Proc. Advances in Cryptology\u2014ASIACRYPT 2010","author":"Jean","year":"2014"},{"key":"2020121207433970200_ref4","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1007\/3-540-45708-9_3","article-title":"Tweakable Block Ciphers","volume-title":"Proc. Advances in Cryptology\u2014CRYPTO 2002","author":"Liskov","year":"2002"},{"key":"2020121207433970200_ref5","first-page":"306","article-title":"The Software Performance of Authenticated-Encryption Modes","volume-title":"Proc. Fast Software Encryption\u2014FSE 2011","author":"Krovetz","year":"2011"},{"key":"2020121207433970200_ref6","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1007\/978-3-662-53018-4_2","article-title":"Counter-in-Tweak: Authenticated Encryption Modes for Tweakable Block Ciphers","volume-title":"Proc. Advances in Cryptology\u2014CRYPTO 2016","author":"Peyrin","year":"2016"},{"key":"2020121207433970200_ref7","doi-asserted-by":"crossref","first-page":"73","DOI":"10.46586\/tosc.v2017.i3.73-107","article-title":"A security analysis of Deoxys and its internal tweakable block ciphers","volume":"2017","author":"Cid","year":"2017","journal-title":"IACR Trans. Symm. Cryptol."},{"key":"2020121207433970200_ref8","doi-asserted-by":"crossref","first-page":"87","DOI":"10.1007\/978-3-319-89339-6_6","article-title":"Improved Related-Tweakey Boomerang Attacks on Deoxys-BC","volume-title":"Proc. Progress in Cryptology\u2014AFRICACRYPT 2018","author":"Sasaki","year":"2018"},{"key":"2020121207433970200_ref9","doi-asserted-by":"crossref","first-page":"8890","DOI":"10.1109\/ACCESS.2018.2808484","article-title":"Impossible differential cryptanalysis of 8-round Deoxys-BC-256","volume":"6","author":"Jiang","year":"2018","journal-title":"IEEE Access"},{"key":"2020121207433970200_ref10","first-page":"93","article-title":"Impossible differential cryptanalysis on Deoxys-BC-256","volume":"10","author":"Mehrdad","year":"2018","journal-title":"ISC Int. J. Inf. Secur."},{"key":"2020121207433970200_ref11","doi-asserted-by":"crossref","first-page":"70","DOI":"10.1049\/iet-ifs.2018.5091","article-title":"Meet-in-the-middle attacks on round-reduced tweakable block cipher Deoxys-BC","volume":"13","author":"Li","year":"2019","journal-title":"IET Inf. Secur."},{"key":"2020121207433970200_ref12","first-page":"32102:1","article-title":"Related-tweakey impossible differential attack on reduced-round Deoxys-BC-256","volume-title":"Sci. China Inform. Sci.","author":"Zong","year":"2019"},{"key":"2020121207433970200_ref13","doi-asserted-by":"crossref","first-page":"121","DOI":"10.46586\/tosc.v2019.i3.121-151","article-title":"New related-tweakey boomerang and rectangle attacks on Deoxys-BC including BDT effect","volume":"2019","author":"Zhao","year":"2019","journal-title":"IACR Trans. Symm. Cryptol."},{"key":"2020121207433970200_ref14","doi-asserted-by":"crossref","first-page":"139","DOI":"10.1007\/978-3-030-35423-7_7","article-title":"Improved Related-Tweakey Rectangle Attacks on Reduced-Round Deoxys-BC-384 and Deoxys-I-256-128","volume-title":"Proc. Progress in Cryptology\u2014INDOCRYPT 2019","author":"Zhao","year":"2019"},{"key":"2020121207433970200_ref15","first-page":"103","article-title":"Preimage Attacks on One-Block MD4, 63-Step MD5 and More","volume-title":"Proc. Selected Areas in Cryptography\u2014SAC 2008","author":"Aoki","year":"2009"},{"key":"2020121207433970200_ref16","doi-asserted-by":"crossref","first-page":"134","DOI":"10.1007\/978-3-642-01001-9_8","article-title":"Finding Preimages in Full MD5 Faster Than Exhaustive Search","volume-title":"Proc. Advances in Cryptology\u2014EUROCRYPT 2009","author":"Sasaki","year":"2009"},{"key":"2020121207433970200_ref17","first-page":"116","article-title":"A Meet-in-the-Middle Attack on 8-Round AES","volume-title":"Proc. Fast Software Encryption\u2014FSE 2008","author":"Demirci","year":"2008"},{"key":"2020121207433970200_ref18","doi-asserted-by":"crossref","first-page":"158","DOI":"10.1007\/978-3-642-17373-8_10","article-title":"Improved Single-Key Attacks on 8-Round AES-192 and AES-256","volume-title":"Proc. Advances in Cryptology\u2014ASIACRYPT 2010","author":"Dunkelman","year":"2010"},{"key":"2020121207433970200_ref19","doi-asserted-by":"crossref","first-page":"371","DOI":"10.1007\/978-3-642-38348-9_23","article-title":"Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting","volume-title":"Proc. Advances in Cryptology\u2014EUROCRYPT 2013","author":"Derbez","year":"2013"},{"key":"2020121207433970200_ref20","doi-asserted-by":"crossref","first-page":"458","DOI":"10.1007\/978-3-662-45611-8_24","article-title":"Meet-in-the-Middle Attacks on Generic Feistel Constructions","volume-title":"Proc. Advances in Cryptology\u2014ASIACRYPT 2014","author":"Guo","year":"2014"},{"key":"2020121207433970200_ref21","doi-asserted-by":"crossref","first-page":"587","DOI":"10.1007\/s10623-015-0120-4","article-title":"Extended meet-in-the-middle attacks on some Feistel constructions","volume":"80","author":"Guo","year":"2016","journal-title":"Design. Code. Cryptogr."},{"key":"2020121207433970200_ref22","doi-asserted-by":"crossref","first-page":"307","DOI":"10.46586\/tosc.v2016.i2.307-337","article-title":"Meet-in-the-middle attacks on classes of contracting and expanding Feistel constructions","volume":"2016","author":"Guo","year":"2017","journal-title":"IACR Trans. Symm. Cryptol."},{"key":"2020121207433970200_ref23","doi-asserted-by":"crossref","first-page":"459","DOI":"10.1007\/s10623-015-0113-3","article-title":"Meet-in-the-middle attacks on 10-round AES-256","volume":"80","author":"Li","year":"2016","journal-title":"Design. Code. Cryptogr."},{"key":"2020121207433970200_ref24","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-662-04722-4","volume-title":"The Design of Rijndael: AES\u2014The Advanced Encryption Standard. Information Security and Cryptography","author":"Daemen","year":"2002"}],"container-title":["The Computer Journal"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/academic.oup.com\/comjnl\/article-pdf\/63\/12\/1859\/34867835\/bxaa028.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"http:\/\/academic.oup.com\/comjnl\/article-pdf\/63\/12\/1859\/34867835\/bxaa028.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,12,12]],"date-time":"2020-12-12T07:43:53Z","timestamp":1607759033000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/comjnl\/article\/63\/12\/1859\/5860022"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,6,22]]},"references-count":24,"journal-issue":{"issue":"12","published-online":{"date-parts":[[2020,6,22]]},"published-print":{"date-parts":[[2020,12,17]]}},"URL":"https:\/\/doi.org\/10.1093\/comjnl\/bxaa028","relation":{},"ISSN":["0010-4620","1460-2067"],"issn-type":[{"type":"print","value":"0010-4620"},{"type":"electronic","value":"1460-2067"}],"subject":[],"published-other":{"date-parts":[[2020,12]]},"published":{"date-parts":[[2020,6,22]]}}}