Meet-in-the-Middle Attacks on Reduced-Round Hierocrypt-3

Hierocrypt-3 is an SPN-based block cipher designed byToshiba Corporation. It operates on 128-bit state using either 128, 192 or 256-bit key. In this paper, we present two meet-in-the-middle attacks in the single-key setting on the 4-round reduced Hierocrypt-3 with 256-bit key. The first attack is based on the differential enumeration approach where we propose a truncated differential characteristic in the first 2.5 rounds and match a multiset of state differences at its output. The other attack is based on the original meet-in-the-middle attack strategy proposed by Demirci and Sel, cuk at FSE 2008 to attack reduced versions of both AES-192 and AES-256. For our attack based on the differential enumeration, the master key is recovered with data complexity of 2(113) chosen plaintexts, time complexity of 2(238) 4-round reduced Hierocrypt-3 encryptions and memory complexity of 2(218) 128-bit blocks. The data, time and memory complexities of our second attack are 2(32), 2(245) and 2(242), respectively. To the best of our knowledge, these are the first attacks on 4-round reduced Hierocrypt-3.