Challenge
If Saturnin makes it to the third round of the NIST lightweight cryptography process, we would like to add to our submission a QCB version of Saturnin: Saturnin-QCB, combining this newly proposed mode [pdf] with the 16 Super-round version of Saturnin.
As this version uses a tweak added to the key, related-key security seems particularly relevant in this scenario.
To encourage third-party related-key cryptanalysis on round-reduced versions of the Saturnin instances used in this new proposal, we launch the following challenges, detailed below.
The teams proposing the first results in each category will be the winners of a batch of typical French and duck-related prizes, that will depend on the challenge solved. These prizes will be awarded at the end of March 2021. Please send us your results if you want to take part in the challenge to the following address:
maria.naya_plasencia \at\ inria.fr.
Both classical and quantum attacks are accepted.
Category 1: related-key attacks on reduced-round Saturnin
Our best attack, that can be found in the following note, reaches up to 10 rounds classically.
Rounds |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
Authors |
Saturnin team |
|
|
|
|
|
|
Complexity |
2236 (classical) |
|
|
|
|
|
|
Category 2: Saturnin-QCB
Prizes will also be awarded to the best cryptanalysis results (number of rounds, practicality) against Saturnin-QCB. For these attacks, the IV can be either adversary-controlled, or random (the latter being the most difficult, and thus the most interesting).
Rounds |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
Authors |
|
|
|
|
|
|
|
|
Complexity |
|
|
|
|
|
|
|
|