



























This note describes a weak-key attack on the tweakable block cipher Blink, which was recently introduced at FSE 2026. Specifically, it is shown that two rounds of Blink admit several nonlinear invariants. To illustrate that these invariants indeed lead to attacks, we describe a partial key-recovery attack on Blink-64 with data and time complexity $2^{23}$, for a fraction of $2^{-96}$ weak keys or tweaks. There is a trade-off between the fraction of weak keys and the data complexity, e.g., with $2^{56}$ data the fraction of weak keys increases to $2^{-63}$. The attack is based on the same strategy as our attack on Midori-64 from Asiacrypt 2018.
BibTeX
@misc{cryptoeprint:2026/624,
author = {Tim Beyne},
title = {Weak-key cryptanalysis of Blink},
howpublished = {Cryptology {ePrint} Archive, Paper 2026/624},
year = {2026},
url = {https://eprint.iacr.org/2026/624}
}
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。