This paper analyzes the Piccolo family of lightweight block ciphers against the impossible differential cryptanalysis. A combination of some ploys such as decreasing the S-box computations, finding an appropriate propagation of differentials, utilizing hash tables and using the linearity of the key-schedule as well as disregarding subkeys of two rounds lead to 12-round and 13-round impossible differential attack on Piccolo-80 and 15-round attack on Piccolo-128. The time and data complexity of the attack against Piccolo-80 is and for 12-round and and for 13-round, respectively. Moreover, the time and data complexity for 15 rounds cryptanalysis of Piccolo-128 are and , respectively.
SummaryHIGHT is a lightweight block cipher introduced in CHES 2006 by Hong et al as a block cipher suitable for low-resource applications. In this paper, we propose improved impossible differential and biclique attacks on HIGHT block cipher both exploiting the permutation-based property of the cipher's key schedule algorithm as well as its low diffusion. For impossible differential attack, we found a new 17-round impossible differential characteristic that enables us to propose a new 27-round impossible differential attack. The total time complexity of the attack is 2 120.4 where an amount of 2 59.3 chosen plaintext-ciphertext pairs and 2 107.4 memory are required.We also instantiate a new biclique cryptanalysis of HIGHT, which is based on the new idea of splitting each of the forward and backward keys into 2 parts where the computations associated to each one are performed independently. The time complexity and data complexity of this attack are 2 125.7 and 2 42 , respectively. To the best of our knowledge, this is the fastest biclique attack on full-round HIGHT.
ARX algorithms are a class of symmetric-key algorithms constructed by Addition, Rotation, and XOR, which achieve the best software performances in low-end microcontrollers. To evaluate the resistance of an ARX cipher against differential cryptanalysis and its variants, the recent automated methods employ constraint satisfaction solvers, such as SMT solvers, to search for optimal characteristics. The main difficulty to formulate this search as a constraint satisfaction problem is obtaining the differential models of the non-linear operations, that is, the constraints describing the differential probability of each non-linear operation of the cipher. While an efficient bit-vector differential model was obtained for the modular addition with two variable inputs, no differential model for the modular addition by a constant has been proposed so far, preventing ARX ciphers including this operation from being evaluated with automated methods. In this paper, we present the first bit-vector differential model for the nbit modular addition by a constant input. Our model contains O(log 2 (n)) basic bit-vector constraints and describes the binary logarithm of the differential probability. We also represent an SMT-based automated method to look for differential characteristics of ARX, including constant additions, and we provide an open-source tool ArxPy to find ARX differential characteristics in a fully automated way. To provide some examples, we have searched for related-key differential characteristics of TEA, XTEA, HIGHT, and LEA, obtaining better results than previous works. Our differential model and our automated tool allow cipher designers to select the best constant inputs for modular additions and cryptanalysts to evaluate the resistance of ARX ciphers against differential attacks.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.