Rotational Cryptanalysis on MAC Algorithm Chaskey

Liliya Kraleva, Tomer Ashur, Vincent Rijmen

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

2 Citations (Scopus)
12 Downloads (Pure)


In this paper we generalize the Markov theory with respect to a relation between two plaintexts and not their difference and apply it for rotational pairs. We perform a related-key attack over Chaskey- a lightweight MAC algorithm for 32-bit micro controllers - and find a distinguisher by using rotational probabilities. Having a message m we can forge and present a valid tag for some message under a related key with probability for 8 rounds and for all 12 rounds of the permutation for keys in a defined weak-key class. This attack can be extended to full key recovery with complexity for the full number of rounds.

Original languageEnglish
Title of host publicationApplied Cryptography and Network Security - 18th International Conference, ACNS 2020, Proceedings
Subtitle of host publicationACNS 2020
EditorsMauro Conti, Jianying Zhou, Emiliano Casalicchio, Angelo Spognardi
Number of pages16
ISBN (Electronic)978-3-030-57808-4
ISBN (Print)978-3-030-57807-7
Publication statusPublished - 2020

Publication series

Name Lecture Notes in Computer Science


  • Rotational Cryptanalysis
  • Lightweight Cryptography
  • ARX
  • Chaskey
  • Markov Theory
  • Rotational cryptanalysis
  • Lightweight
  • Markov theory


Dive into the research topics of 'Rotational Cryptanalysis on MAC Algorithm Chaskey'. Together they form a unique fingerprint.

Cite this