Meet-in-the-Middle Attacks on Reduced-Round Hierocrypt-3

LATINCRYPT(2015)

Abstract
Hierocrypt-3 is an SPN-based block cipher designed by Toshiba Corporation. It operates on a 128-bit state using a 128-, 192- or 256-bit key. In this paper, we present two meet-in-the-middle attacks in the single-key setting on the 4-round reduced Hierocrypt-3 with a 256-bit key. The first attack is based on the differential enumeration approach, where we propose a truncated differential characteristic in the first 2.5 rounds and match a multiset of state differences at its output. The other attack is based on the original meet-in-the-middle attack strategy proposed by Demirci and Selçuk at FSE 2008 to attack reduced versions of both AES-192 and AES-256. For our attack based on the differential enumeration, the master key is recovered with a data complexity of $$2^{113}$$ chosen plaintexts, a time complexity of $$2^{238}$$ 4-round reduced Hierocrypt-3 encryptions and a memory complexity of $$2^{218}$$ 128-bit blocks. The data, time and memory complexities of our second attack are $$2^{32}$$, $$2^{245}$$ and $$2^{242}$$, respectively. To the best of our knowledge, these are the first attacks on 4-round reduced Hierocrypt-3.
Keywords
Cryptanalysis, Hierocrypt-3, Meet-in-the-middle attack, Differential enumeration