A More Practical Attack Against Yoroi
Yoroi is a family of space-hard block cipher proposed at TCHES 2021. This cipher contains two parts, a core part and an AES layer to prevent the blackbox adversary. At FSE 2023, Todo and Isobe proposed a code-lifting attack to recover the secret T-box in Yoroi, breaking the security claims of Yoroi...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Ruhr-Universität Bochum
2025-03-01
|
| Series: | IACR Transactions on Symmetric Cryptology |
| Subjects: | |
| Online Access: | https://tosc.iacr.org/index.php/ToSC/article/view/12081 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849762405993676800 |
|---|---|
| author | Runhao Wei Jinliang Wang Haoyang Wang Muzhou Li Yunling Zhang Meiqin Wang |
| author_facet | Runhao Wei Jinliang Wang Haoyang Wang Muzhou Li Yunling Zhang Meiqin Wang |
| author_sort | Runhao Wei |
| collection | DOAJ |
| description |
Yoroi is a family of space-hard block cipher proposed at TCHES 2021. This cipher contains two parts, a core part and an AES layer to prevent the blackbox adversary. At FSE 2023, Todo and Isobe proposed a code-lifting attack to recover the secret T-box in Yoroi, breaking the security claims of Yoroi. Their work shows that the AES layer is vulnerable in the whitebox model and has no contribution to the security in a hybrid of blackbox and whitebox model. Besides, their attack employs a strong hack model to modify and extract the table entries of the T-box. This hack model is suitable for the environment used by Yoroi while it is difficult to achieve in the practical application.
In this paper, we present an attack on Yoroi within a more practical scenario. Compared with the previous attack, our attack is a chosen-plaintext-ciphertext attack in the blackbox phase and assumes that the whitebox attacker has reduced capabilities, as one only needs to extract the AES key without modifying or extracting the table entries. Furthermore, we introduce a family of equivalent representations of Yoroi, using this we can recover an equivalent cipher without any leaked information of table entries. As a result, the complexities of our attack remain almost the same as that of the previous attack.
|
| format | Article |
| id | doaj-art-598e8ebb2b624fb98743c376cdca7995 |
| institution | DOAJ |
| issn | 2519-173X |
| language | English |
| publishDate | 2025-03-01 |
| publisher | Ruhr-Universität Bochum |
| record_format | Article |
| series | IACR Transactions on Symmetric Cryptology |
| spelling | doaj-art-598e8ebb2b624fb98743c376cdca79952025-08-20T03:05:45ZengRuhr-Universität BochumIACR Transactions on Symmetric Cryptology2519-173X2025-03-012025110.46586/tosc.v2025.i1.357-379A More Practical Attack Against YoroiRunhao Wei0Jinliang Wang1Haoyang Wang2Muzhou Li3Yunling Zhang4Meiqin Wang5School of Cyber Science and Technology, Shandong University, Qingdao, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China; State Key Laboratory of Cryptography and Digital Economy Security, Shandong University, Qingdao, 266237, ChinaSchool of Cyber Science and Technology, Shandong University, Qingdao, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China; State Key Laboratory of Cryptography and Digital Economy Security, Shandong University, Qingdao, 266237, ChinaShanghai Jiao Tong University, Shanghai, ChinaSchool of Cyber Science and Technology, Shandong University, Qingdao, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China; State Key Laboratory of Cryptography and Digital Economy Security, Shandong University, Qingdao, 266237, ChinaCHECC Data Co., Ltd., Beijing, ChinaQuan Cheng Shandong Laboratory, Jinan, China; School of Cyber Science and Technology, Shandong University, Qingdao, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China; State Key Laboratory of Cryptography and Digital Economy Security, Shandong University, Qingdao, 266237, China Yoroi is a family of space-hard block cipher proposed at TCHES 2021. This cipher contains two parts, a core part and an AES layer to prevent the blackbox adversary. At FSE 2023, Todo and Isobe proposed a code-lifting attack to recover the secret T-box in Yoroi, breaking the security claims of Yoroi. Their work shows that the AES layer is vulnerable in the whitebox model and has no contribution to the security in a hybrid of blackbox and whitebox model. Besides, their attack employs a strong hack model to modify and extract the table entries of the T-box. This hack model is suitable for the environment used by Yoroi while it is difficult to achieve in the practical application. In this paper, we present an attack on Yoroi within a more practical scenario. Compared with the previous attack, our attack is a chosen-plaintext-ciphertext attack in the blackbox phase and assumes that the whitebox attacker has reduced capabilities, as one only needs to extract the AES key without modifying or extracting the table entries. Furthermore, we introduce a family of equivalent representations of Yoroi, using this we can recover an equivalent cipher without any leaked information of table entries. As a result, the complexities of our attack remain almost the same as that of the previous attack. https://tosc.iacr.org/index.php/ToSC/article/view/12081Whitebox cryptographySpace-hardCryptanalysisYoroi |
| spellingShingle | Runhao Wei Jinliang Wang Haoyang Wang Muzhou Li Yunling Zhang Meiqin Wang A More Practical Attack Against Yoroi IACR Transactions on Symmetric Cryptology Whitebox cryptography Space-hard Cryptanalysis Yoroi |
| title | A More Practical Attack Against Yoroi |
| title_full | A More Practical Attack Against Yoroi |
| title_fullStr | A More Practical Attack Against Yoroi |
| title_full_unstemmed | A More Practical Attack Against Yoroi |
| title_short | A More Practical Attack Against Yoroi |
| title_sort | more practical attack against yoroi |
| topic | Whitebox cryptography Space-hard Cryptanalysis Yoroi |
| url | https://tosc.iacr.org/index.php/ToSC/article/view/12081 |
| work_keys_str_mv | AT runhaowei amorepracticalattackagainstyoroi AT jinliangwang amorepracticalattackagainstyoroi AT haoyangwang amorepracticalattackagainstyoroi AT muzhouli amorepracticalattackagainstyoroi AT yunlingzhang amorepracticalattackagainstyoroi AT meiqinwang amorepracticalattackagainstyoroi AT runhaowei morepracticalattackagainstyoroi AT jinliangwang morepracticalattackagainstyoroi AT haoyangwang morepracticalattackagainstyoroi AT muzhouli morepracticalattackagainstyoroi AT yunlingzhang morepracticalattackagainstyoroi AT meiqinwang morepracticalattackagainstyoroi |