State recovery attacks against π-cipher

Joseph Alley, Josef Pieprzyk

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

1 Citation (Scopus)


π-Cipher is one of the twenty-nine candidates in the second round of the CAESAR competition for authenticated ciphers. π-Cipher uses a parallel sponge construction, based upon an ARX permutation. This work shows several state recovery attacks, on up to three rounds. These attacks use known values in the function's bitrate, combined with values found through exhaustive search, to retrieve the remaining values in the internal state. These attacks can break one round, for any variant of π-Cipher, in negligible time. They can also break two or three rounds much faster than exhaustive search on the key, for some variants. However, these attacks only work against version 1 of π-Cipher, due to the differences in the padding function for version 2.0. To fill this gap, this work also includes a one round attack against version 2.0, building upon the distinguisher present in the π-Cipher submission document.

Original languageEnglish
Title of host publicationProceedings of the Australasian Computer Science Week Multiconference, ACSW 2016
Place of PublicationNew York
PublisherAssociation for Computing Machinery
Number of pages6
ISBN (Electronic)9781450340427
Publication statusPublished - 1 Feb 2016
Externally publishedYes
EventAustralasian Computer Science Week Multiconference, ACSW 2016 - Canberra, Australia
Duration: 1 Feb 20165 Feb 2016


OtherAustralasian Computer Science Week Multiconference, ACSW 2016


  • ARX
  • Cryptanalysis
  • Divide and conquer attack
  • Sponge construction
  • π-Cipher


Dive into the research topics of 'State recovery attacks against π-cipher'. Together they form a unique fingerprint.

Cite this