Rotational Cryptanalysis of MORUS
MORUS is one of the finalists of the CAESAR competition. This is an ARX construction that required investigation against rotational cryptanalysis. We investigated the power of rotational cryptanalysis against MORUS. We show that all the operations in the state update function of MORUS maintain the r...
Main Author: | |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG 2021-12-01 |
Series: | Symmetry |
Subjects: | |
Online Access: | https://www.mdpi.com/2073-8994/13/12/2426 |
_version_ | 1797500340094894080 |
---|---|
author | Iftekhar Salam |
collection | DOAJ |
description | MORUS is one of the finalists of the CAESAR competition. This is an ARX construction that required investigation against rotational cryptanalysis. We investigated the power of rotational cryptanalysis against MORUS. We show that all the operations in the state update function of MORUS maintain the rotational pairs when the rotation distance is set to a multiple of the sub-word size. Our investigation also confirms that the rotational pairs can be used as distinguishers for the full version of MORUS if the constants used in MORUS are rotational-invariant. However, the actual constants used in MORUS are not rotational-invariant. The introduction of such constants in the state update function breaks the symmetry of the rotational pairs. Experimental results show that rotational pairs can be used as distinguishers for only one step of the initialization phase of MORUS. For more than one step, there are not enough known differences in the rotational pairs of MORUS to provide an effective distinguisher. This is due to the XOR-ing of the constants that are not rotational-invariant. Therefore, it is unlikely for an adversary to construct a distinguisher for the full version of MORUS by observing the rotational pairs. |
first_indexed | 2024-03-10T03:00:31Z |
format | Article |
id | doaj.art-fd67c1cd87ee45079e60aa8230c1fc8b |
institution | Directory Open Access Journal |
issn | 2073-8994 |
language | English |
last_indexed | 2024-03-10T03:00:31Z |
publishDate | 2021-12-01 |
publisher | MDPI AG |
record_format | Article |
series | Symmetry |
spelling | doaj.art-fd67c1cd87ee45079e60aa8230c1fc8b; 2023-11-23T10:47:04Z; eng; MDPI AG; Symmetry; 2073-8994; 2021-12-01; 13; 12; 2426; 10.3390/sym13122426; Rotational Cryptanalysis of MORUS; Iftekhar Salam; School of Electrical and Computer Engineering, Xiamen University Malaysia, Sepang 43900, Malaysia; https://www.mdpi.com/2073-8994/13/12/2426; authenticated encryption; CAESAR competition; MORUS; stream cipher; rotational cryptanalysis |
title | Rotational Cryptanalysis of MORUS |
topic | authenticated encryption CAESAR competition MORUS stream cipher rotational cryptanalysis |
url | https://www.mdpi.com/2073-8994/13/12/2426 |