New Meet-in-the-Middle Attacks on FOX Block Cipher

FOX block cipher was designed with a Lai-Massey scheme, in which the round function uses the Substitution-Permutation-Substitution structure. A meet-in-the-middle (MITM) attack is one of the most important issues for the security of the block cipher, which consists of a precomputation phase for constructing a distinguisher and an online phase for key recovery. This paper studies the MITM attacks against FOX. The first MITM distinguishers of 5-round FOX64, 7-round FOX64-256 and 5-round FOX128 are presented when using the differential enumeration technique with truncated differential characteristics. Then, based on these distinguishers, the attacks for key recovery on 7-round FOX64, 11-round FOX64-256 and 7-round FOX128 are presented with the state-test and state-search techniques. It is shown that the attack on 11-round FOX64-256 is proposed for the first time; attacks on 7-round FOX64 and 7-round FOX128 can be improved with lower time and memory complexities compared with the currently known attacks.

Automated summary

This paper studies the meet-in-the-middle (MITM) attacks against the FOX block cipher and proposes key recovery attacks for different numbers of rounds. Through techniques such as differential enumeration and state testing, it is shown that these attacks can be achieved with lower time and memory complexities, posing a threat to the security of the cipher.