Research Article

Two Complementary Truncated Differential Attacks on Midori-64

Year 2026, Volume: 15 Issue: 1, 25 - 47, 19.03.2026
https://doi.org/10.55859/ijiss.1824878
https://izlik.org/JA34DU36LA

Abstract

The design of lightweight yet secure block ciphers, particularly for resource-constrained platforms such as RFID tags, tiny sensors, or pocket-sized mobile devices, has been a central focus of symmetric encryption research for over two decades. Midori, introduced by Banik et al. at ASIACRYPT 2015, is one of the most cryptanalyzed lightweight block ciphers and comes in two variants: Midori-64 (64-bit state, 16 rounds) and Midori-128 (128-bit state, 20 rounds), both using a 128-bit key.

In this work, we extend the security analysis of Midori-64 via truncated differential techniques, providing a clearer understanding of its resistance against such attacks. We construct two 6-round truncated differentials by precisely computing the propagation probabilities of selected truncated differences through the cipher’s matrix-multiplication layer and tracking their diffusion across rounds. We compute their exact probabilities and use them as distinguishers. By exploiting these two distinguishers, we mount two distinct 10-round truncated differential attacks on Midori-64, representing the first truncated differential attacks reported on the cipher. While the full-round design remains secure, one of our attacks ranks among the best known attacks on 10-round Midori-64.
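As an added illustration (not code from the paper), the sketch below computes exact truncated-difference transition probabilities through one column of Midori's matrix-multiplication layer, the kind of quantity the abstract says the distinguishers are built from. It assumes the binary, involutory, almost-MDS MixColumn matrix of the Midori design and active nibble differences that are uniform and independent; the function names are this example's own.

```python
from collections import Counter
from fractions import Fraction
from itertools import product

# Midori's MixColumn matrix (Banik et al., ASIACRYPT 2015):
# binary, involutory, almost MDS, applied to each column of four nibbles.
M = ((0, 1, 1, 1),
     (1, 0, 1, 1),
     (1, 1, 0, 1),
     (1, 1, 1, 0))


def mix_column(col):
    """Apply M to a column of four 4-bit differences (0/1 entries reduce to XOR)."""
    out = []
    for row in M:
        acc = 0
        for coeff, nib in zip(row, col):
            if coeff:
                acc ^= nib
        out.append(acc)
    return tuple(out)


def pattern(col):
    """Activity pattern as a 4-bit mask: bit i is set iff nibble i is nonzero."""
    return sum(1 << i for i, nib in enumerate(col) if nib)


def transition_probs(in_mask):
    """Exact distribution of output patterns over all differences matching in_mask.

    Assumption of this example: every active nibble takes each of its
    15 nonzero values with equal probability, independently of the others.
    """
    choices = [range(1, 16) if (in_mask >> i) & 1 else (0,) for i in range(4)]
    counts = Counter(pattern(mix_column(col)) for col in product(*choices))
    total = sum(counts.values())
    return {out: Fraction(n, total) for out, n in counts.items()}


if __name__ == "__main__":
    # Print the full 15-row transition table for one column.
    for in_mask in range(1, 16):
        dist = sorted(transition_probs(in_mask).items())
        row = ", ".join(f"{out:04b}: {p}" for out, p in dist)
        print(f"{in_mask:04b} -> {row}")
```

Chaining such per-column tables across rounds, together with the cell permutation, is what turns them into a multi-round truncated differential probability; that chaining is not shown here.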

Supporting Institution

TÜBİTAK 1001 Project

Project Number

124F270

References

  • A. Bogdanov, L. R. Knudsen, G. Leander, C. Paar, A. Poschmann, M. J. B. Robshaw, Y. Seurin, and C. Vikkelsoe, “PRESENT: An Ultra-Lightweight Block Cipher,” in Cryptographic Hardware and Embedded Systems – CHES 2007, ser. Lecture Notes in Computer Science, vol. 4727. Springer, 2007, pp. 450–466.
  • Z. Gong, S. Nikova, and Y. W. Law, “KLEIN: A New Family of Lightweight Block Ciphers,” in RFID Security and Privacy – 7th Int. Workshop, RFIDSec 2011, ser. Lecture Notes in Computer Science, A. Juels and C. Paar, Eds., vol. 7055. Springer, 2011, pp. 1–18.
  • J. Borghoff, A. Canteaut, T. Guneysu, E. B. Kavun, M. Knezevic, L. R. Knudsen, G. Leander, V. Nikov, C. Paar, C. Rechberger, P. Rombouts, S. S. Thomsen, and T. Yalçın, “PRINCE – A Low-Latency Block Cipher for Pervasive Computing Applications – Extended Abstract,” in Advances in Cryptology – ASIACRYPT 2012, ser. Lecture Notes in Computer Science, vol. 7658. Springer, 2012, pp. 208–225.
  • S. Banik, A. Bogdanov, T. Isobe, K. Shibutani, H. Hiwatari, T. Akishita, and F. Regazzoni, “Midori: A Block Cipher for Low Energy,” in Advances in Cryptology – ASIACRYPT 2015, ser. Lecture Notes in Computer Science, vol. 9453. Springer, 2015, pp. 411–436.
  • E. Biham and A. Shamir, “Differential Cryptanalysis of The Full 16-Round DES,” in Annual international cryptology conference. Springer, 1992, pp. 487–496.
  • E. Biham, A. Biryukov, and A. Shamir, “Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials,” in Advances in Cryptology – EUROCRYPT ’99, ser. Lecture Notes in Computer Science, vol. 1592. Springer, 1999, pp. 12–23.
  • L. R. Knudsen, “Truncated and Higher Order Differentials,” in Fast Software Encryption: Second International Workshop, Leuven, Belgium, December 14–16, 1994, Proceedings, ser. Lecture Notes in Computer Science, B. Preneel, Ed., vol. 1008. Springer, 1994, pp. 196–211.
  • D. A. Wagner, “The Boomerang Attack,” in Fast Software Encryption, 6th International Workshop, FSE ’99, Rome, Italy, March 24–26, 1999, Proceedings, ser. Lecture Notes in Computer Science, L. R. Knudsen, Ed., vol. 1636. Springer, 1999, pp. 156–170.
  • S. K. Langford and M. E. Hellman, “Differential-Linear Cryptanalysis,” in Advances in Cryptology – CRYPTO ’94, 14th Annual International Cryptology Conference, Santa Barbara, California, USA, August 21–25, 1994, Proceedings, ser. Lecture Notes in Computer Science, Y. Desmedt, Ed., vol. 839. Springer, 1994, pp. 17–25.
  • G. Han and H. Zhao, “Revisited Security Evaluation on Midori64 against Differential Cryptanalysis,” KSII Trans. Internet Inf. Syst., vol. 18, no. 2, pp. 478–493, 2024.
  • H. Zhao, G. Han, L. Wang, and W. Wang, “MILP-Based Differential Cryptanalysis on Round-Reduced Midori64,” IEEE Access, vol. 8, pp. 95 888–95 896, 2020.
  • A. E. M. Moghaddam and Z. Ahmadian, “New Automatic Search Method for Truncated-Differential Characteristics Application to Midori, SKINNY and CRAFT,” Comput. J., vol. 63, pp. 1813–1825, 2020.
  • X. Dong and Y. Shen, “Cryptanalysis of Reduced-Round Midori64 Block Cipher,” IACR Cryptol. ePrint Arch., p. 676, 2016.
  • M. E. Gonen, M. S. Gundogan, and K. Otal, “Boomerang Attacks on Reduced-Round Midori64,” ISeCure, vol. 16, no. 2, 2024.
  • E. Biham and A. Shamir, “Differential Cryptanalysis of DES-like Cryptosystems,” in Advances in Cryptology – CRYPTO ’90, Springer, Ed., 1990, vol. 537, pp. 2–21.
  • L. Grassi, “Mixture Differential Cryptanalysis: A New Approach to Distinguishers and Attacks on Round-Reduced AES,” IACR Trans. Symmetric Cryptol., vol. 2018, no. 2, pp. 133–160, 2018.
  • L. Grassi, C. Rechberger, and S. Rønjom, “A New Structural-Differential Property of 5-Round AES,” in Advances in Cryptology - EUROCRYPT 2017 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Paris, France, April 30 - May 4, 2017, Proceedings, Part II, ser. Lecture Notes in Computer Science, J. Coron and J. B. Nielsen, Eds., vol. 10211, 2017, pp. 289–317.
  • L. Grassi and C. Rechberger, “Truncated Differential Properties of the Diagonal Set of Inputs for 5-Round AES,” in Information Security and Privacy - 27th Australasian Conference, ACISP 2022, Wollongong, NSW, Australia, November 28-30, 2022, Proceedings, ser. Lecture Notes in Computer Science, K. Nguyen, G. Yang, F. Guo, and W. Susilo, Eds., vol. 13494. Springer, 2022, pp. 24–45.
  • Z. Bao, J. Guo, and E. List, “Extended Truncated-Differential Distinguishers on Round-Reduced AES,” IACR Trans. Symmetric Cryptol., vol. 2020, no. 3, pp. 197–261, 2020.
  • N. G. Bardeh and S. Rønjom, “The Exchange Attack: How to Distinguish Six Rounds of AES with 2^88.2 Chosen Plaintexts,” in Advances in Cryptology - ASIACRYPT 2019 - 25th International Conference on the Theory and Application of Cryptology and Information Security, Kobe, Japan, December 8-12, 2019, Proceedings, Part III, ser. Lecture Notes in Computer Science, S. D. Galbraith and S. Moriai, Eds., vol. 11923. Berlin, Heidelberg: Springer, 2019, pp. 347–370.
  • H. Guo, Z. Zhang, Q. Yang, L. Hu, and Y. Luo, “A New Method To Find All The High-Probability Word-Oriented Truncated Differentials: Application To Midori, SKINNY And CRAFT,” The Computer Journal, vol. 66, no. 5, pp. 1069–1082, 2023.
  • M. Eichlseder, G. Leander, and S. Rasoolzadeh, “Computing Expected Differential Probability of (Truncated) Differentials and Expected Linear Potential of (Multidimensional) Linear Hulls in SPN Block Ciphers,” in Progress in Cryptology – INDOCRYPT 2020, ser. Lecture Notes in Computer Science, vol. 12578. Springer, 2020, pp. 345–369.
  • J. Guo, J. Jean, I. Nikolic, K. Qiao, Y. Sasaki, and S. M. Sim, “Invariant Subspace Attack Against Full Midori64,” IACR Cryptol. ePrint Arch., p. 1189, 2015.
  • Y. Todo, G. Leander, and Y. Sasaki, “Nonlinear Invariant Attack: Practical Attack on Full SCREAM, iSCREAM, and Midori64,” J. Cryptol., vol. 32, no. 4, pp. 1383–1422, 2019.
  • F. Demirbas and O. Kara, “Integral Characteristics by Keyspace Partitioning,” Des. Codes Cryptogr., vol. 90, no. 2, pp. 443–472, 2022.
  • L. Lin and W. Wu, “Meet-in-the-Middle Attacks on Reduced-Round Midori-64,” IACR Cryptol. ePrint Arch., p. 1165, 2015.
  • X. Dong and Y. Shen, “Cryptanalysis of Reduced-Round Midori64 Block Cipher,” IACR Cryptol. ePrint Arch., p. 676, 2016.
  • D. Gerault and P. Lafourcade, “Related-Key Cryptanalysis of Midori,” in Progress in Cryptology – INDOCRYPT 2016, ser. Lecture Notes in Comput. Sci., vol. 10095, 2016, pp. 287–304.
  • Z. Chen, H. Chen, and X. Wang, “Cryptanalysis of Midori128 Using Impossible Differential Techniques,” in Information Security Practice and Experience (ISPEC) 2016, ser. Lecture Notes in Comput. Sci., vol. 10060, 2016, pp. 1–12.
  • W. Li, L. Liao, D. Gu, S. Cao, Y. Wu, J. Li, Z. Zhou, Z. Guo, Y. Liu, and Z. Liu, “Ciphertext-Only Fault Analysis on the Midori Lightweight Cryptosystem,” Sci. China Inf. Sci., vol. 63, no. 3, 2020.
  • L. Sun, W. Wang, and M. Wang, “MILP-Aided Bit-Based Division Property for Primitives with non-Bit-Permutation Linear Layers,” IET Inf. Secur., vol. 14, no. 1, pp. 12–20, 2020.
  • Y. Li, M. Wang, H. Ou, and S. Wang, “Improved Integral Analysis on Lightweight Block Cipher Midori,” in Proc. 2019 IEEE 5th Int. Conf. on Computer and Communications (ICCC), 2019, pp. 1494–1498.
  • Y. Liu, Z. Xiang, S. Chen, S. Zhang, and X. Zeng, “A Novel Automatic Technique Based on MILP to Search for Impossible Differentials,” in Applied Cryptography and Network Security (ACNS) 2023, ser. Lecture Notes in Comput. Sci., vol. 13905, 2023, pp. 119–148.
  • M. Li, J. Guo, J. Cui, and L. Xu, “Truncated Impossible Differential Cryptanalysis of Midori-64,” Journal of Software, vol. 30, no. 8, pp. 2337–2348, 2019.
  • C. Balıkçı and O. Kara, “A 10-Round Attack on Midori-64,” in 2025 18th International Conference on Information Security and Cryptology (ISCTurkiye), 2025, pp. 1–6.
  • J. Lu, O. Dunkelman, N. Keller, and J. Kim, “New Impossible Differential Attacks on AES,” in Progress in Cryptology - INDOCRYPT 2008, 9th International Conference on Cryptology in India, Kharagpur, India, December 14-17, 2008. Proceedings, ser. Lecture Notes in Computer Science, D. R. Chowdhury, V. Rijmen, and A. Das, Eds., vol. 5365. Berlin, Heidelberg: Springer, 2008, pp. 279–293.
  • J. Guo, J. Jean, I. Nikolic, K. Qiao, Y. Sasaki, and S. M. Sim, “Invariant Subspace Attack Against Midori64 and The Resistance Criteria for S-box Designs,” IACR Trans. Symmetric Cryptol., vol. 2016, no. 1, pp. 33–56, 2016.
  • Y. Todo and Y. Sasaki, “Designing S-Boxes Providing Stronger Security Against Differential Cryptanalysis for Ciphers Using Byte-Wise XOR,” in Selected Areas in Cryptography - 28th International Conference, SAC 2021, Virtual Event, September 29 - October 1, 2021, Revised Selected Papers, ser. Lecture Notes in Computer Science, R. AlTawy and A. Hulsing, Eds., vol. 13203. Springer, 2021, pp. 179–199.
  • S. Samajder and P. Sarkar, “Rigorous Upper Bounds on Data Complexities of Block Cipher Cryptanalysis,” J. Math. Cryptol., vol. 11, pp. 147–175, 2017.
There are 39 citations in total.

Details

Primary Language: English
Subjects: Cryptography
Journal Section: Research Article

Authors:
Can Balıkçı, ORCID 0009-0001-8199-585X
Orhun Kara, ORCID 0000-0002-9685-6625

Project Number: 124F270
Submission Date: November 16, 2025
Acceptance Date: March 14, 2026
Publication Date: March 19, 2026
DOI: https://doi.org/10.55859/ijiss.1824878
IZ: https://izlik.org/JA34DU36LA
Published in Issue: Year 2026, Volume: 15, Issue: 1

Cite

IEEE: [1] C. Balıkçı and O. Kara, “Two Complementary Truncated Differential Attacks on Midori-64”, IJISS, vol. 15, no. 1, pp. 25–47, Mar. 2026, doi: 10.55859/ijiss.1824878.