New Meet-in-the-Middle Attacks on FOX Block Cipher.

FOX block cipher was designed with a Lai–Massey scheme, in which the round function uses the Substitution-Permutation-Substitution structure. A meet-in-the-middle (MITM) attack is one of the most important issues for the security of the block cipher, which consists of a precomputation phase for constructing a distinguisher and an online phase for key recovery. This paper studies the MITM attacks against FOX. The first MITM distinguishers of 5-round FOX64, 7-round FOX64-256 and 5-round FOX128 are presented when using the differential enumeration technique with truncated differential characteristics. Then, based on these distinguishers, the attacks for key recovery on 7-round FOX64, 11-round FOX64-256 and 7-round FOX128 are presented with the state-test and state-search techniques. It is shown that the attack on 11-round FOX64-256 is proposed for the first time; attacks on 7-round FOX64 and 7-round FOX128 can be improved with lower time and memory complexities compared with the currently known attacks. [ABSTRACT FROM AUTHOR]