We investigated the application of cube attacks to MORUS, a candidate in the CAESAR competition. We applied the cube attack to a version of MORUS where the initialization phase is reduced from 16 steps to 4. Our analysis shows that the cube attack can successfully recover the secret key of MORUS-640 with a total complexity of about 2~(10) for this reduced version, and similarly for MORUS-1280 with complexity 2~9. Additionally, we obtained cubes resulting in distinguishers for 5 steps of the initialization of MORUS-1280; these can distinguish the cipher output function from a random function with complexity of 2~8. All our attacks are verified experimentally. Currently, the cube attack does not threaten the security of MORUS if the full initialization phase is performed.
展开▼