We investigated the application of cube attacks to MORUS , a candidate in the CAESAR competition. We applied the cube attack to a version of MORUS where the initialization phase is reduced from 16 steps to 4. Our analysis shows that the cube attack can successfully recover the secret key of MORUS -640 with a total complexity of about 2 10 for this reduced version, and similarly for MORUS -1280 with complexity 2 9 . Additionally, we obtained cubes resulting in distinguishers for 5 steps of the initialization of MORUS -1280; these can distinguish the cipher output function from a random function with complexity of 2 8 . All our attacks are verified experimentally. Currently, the cube attack does not threaten the security of MORUS if the full initialization phase is performed.

Load

Load