Conditional Cube Key Recovery Attack on Round-Reduced Xoodyak

Mohammad Vaziri, Vesselin Velichkov

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract / Description of output

Since the announcement of the NIST call for a new lightweight cryptographic standard, many schemes have been proposed in response. Xoodyak is one of these schemes and is among the finalists of the NIST competition, with a sponge structure very similar to the Keccak hash function, the winner of the SHA-3 NIST competition. In this paper, using the conditional cube attack technique, we fully recover the key of Xoodyak reduced to 6 and 7 rounds with time complexity 2^{42.58} and 2^{76.003} respectively, in the nonce-reusing scenario. In our attack setting, we introduce the cube variables in the associated data absorption phase, which has a higher degree of freedom than the data absorption phase. We use a MILP tool to find enough cube variables to perform the conditional key recovery attack. The 6-round attack is practical and has been implemented. To the best of our knowledge, this is the first proposed attack on 7-round Xoodyak.
Original language: English
Title of host publication: Applied Cryptography and Network Security Workshops
Subtitle of host publication: ACNS 2023 Satellite Workshops, ADSC, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S&P, SCI, SecMT, SiMLA, Kyoto, Japan, June 19–22, 2023, Proceedings
Number of pages: 20
ISBN (Electronic): 9783031411816
ISBN (Print): 9783031411809
Publication status: Published - 4 Oct 2023
Event: 21st International Conference on Applied Cryptography and Network Security - Kyoto, Japan
Duration: 19 Jun 2023 – 22 Jun 2023
Conference number: 21

Publication series

Name: Lecture Notes in Computer Science
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference: 21st International Conference on Applied Cryptography and Network Security
Abbreviated title: ACNS 2023

Keywords

  • Xoodyak
  • Symmetric-key
  • cryptanalysis
  • Conditional Cube Attack
  • Lightweight Cryptography
  • MILP
