Meet-in-the-Filter and Dynamic Counting with Applications to Speck.

We propose a new cryptanalytic tool for differential cryptanalysis, called meet-in-the-filter (MiF). It is suitable for ciphers with a slow or incomplete diffusion layer such as the ones based on Addition-Rotation-XOR (ARX). The MiF technique uses a meet-in-the-middle matching to construct differential trails connecting the differential’s output and the ciphertext difference. The proposed trails are used in the key recovery procedure, reducing time complexity and allowing flexible time-data trade-offs. In addition, we show how to combine MiF with a dynamic counting technique for key recovery. We illustrate MiF in practice by reporting improved attacks on the ARX -based family of block ciphers Speck. We improve the time complexities of the best known attacks up to 15 rounds of Speck 32 and 20 rounds of Speck 64/128. Notably, our new attack on 11 rounds of Speck 32 has practical analysis and data complexities of 2 24.66 and 2 26.70 respectively, and was experimentally verified, recovering the master key in a matter of seconds.