Related-Tweak and Related-Key Differential Attacks on HALFLOOP-48

HALFLOOP-48 is a 48-bit tweakable block cipher used in high frequency radio to protect automatic link establishment messages. We concentrate on its differential properties. Using the automatic method, we determine the lower bound for the number of active S-boxes and the upper bound for the differential probability for the conventional, related-tweak, and related-key differential attack settings. The newly identified 6-round related-tweak differential is utilised to initiate an 8-round related-tweak differential attack against the cipher. With 233.27 chosen-plaintexts and 292.71 8-round encryptions, the 128-bit key can be recovered. In addition, we find an 8-round related-key differential with a probability of 2-46.88 and employ it to develop a full-round related-key differential attack. The full-round attack is marginal, and the 128-bit key can be retrieved using 247.34 chosen-plaintexts and 2123.91 full-round encryptions. Despite the impractical complexity of the newly proposed attacks, the security of HALFLOOP-48 in the related-key attack setting is compromised. Therefore, we assert that caution is necessary to prevent misuse.