Weaknesses of some lightweight blockciphers suitable for IoT systems and their applications in hash modes

Twelve PGV models, MDC-2, and HIROSE, which are blockcipher-based hash functions, have been proven to be secure as hash functions when they are instantiated with ideal blockciphers. However, their security cannot be guaranteed when the base blockciphers use weak key-schedules. In this paper, we propose various related-key or chosen-key differential paths of Fantomas, Midori-128, GOST, and 12-round reduced AES-256 using key-schedules with weak diffusion effects. We then describe how these differential paths undermine the security of PGV models, MDC-2, or HIROSE. In addition, we show that the invariant subspace attacks on PRINT and Midori-64 can be transferred to collision attacks on their some hash modes.