Bit-Pattern Based Integral Attack

Z’aba, Muhammad Reza; Raddum, Håvard; Henricksen, Matt; Dawson, Ed

doi:10.1007/978-3-540-71039-4_23

Cited by 56 publications

(16 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…M.R. Z'aba et al applied an integral attack for bit-patterns, and showed that 7-round PRESENT can be attacked [7]. M. Wang demonstrates 16-round PRESENT can be attacked by differential cryptanalysis [6].…”

Section: Introductionmentioning

confidence: 99%

Weak Keys of Reduced-Round PRESENT for Linear Cryptanalysis

Ohkuma

2009

Selected Areas in Cryptography

View full text Add to dashboard Cite

The block cipher PRESENT designed as an ultra-light weight cipher has a 31-round SPN structure in which the S-box layer has 16-parallel 4-bit S-boxes and the diffusion layer is a bit permutation. The designers claimed that the maximum linear characteristic deviation is not more than 2 −43 for 28 rounds and concluded that PRESENT is not vulnerable to linear cryptanalysis. But we have found that 32% of PRESENT keys are weak for linear cryptanalysis, and the linear deviation can be much larger than the linear characteristic value by the multi-path effect. And we discovered a 28-round path with a linear deviation of 2 −39.3 for the weak keys. Furthermore, we found that linear cryptanalysis can be used to attack up to 24 rounds of PRESENT for the weak keys.

show abstract

Section: Introductionmentioning

confidence: 99%

Weak Keys of Reduced-Round PRESENT for Linear Cryptanalysis

Ohkuma

2009

Selected Areas in Cryptography

View full text Add to dashboard Cite

show abstract

“…After the first round, we have, in fact, 2 12 sets of 2 4 plaintexts ready for the 5-round attack. So, data and time complexity have to be multiplied by a factor of 2 12 (in comparison to the 5-round attack). Thus, required data is 6 · 2 16 chosen plaintexts and time is 2 41 .…”

Section: -Round Attackmentioning

confidence: 99%

“…For example, '00000000' (8 zeros) is called the constant pattern, while '11110000' is the active pattern denoted by a 2 . According to the notation introduced in [12], we have the following patters:…”

Section: Bit-pattern Based Integral Attackmentioning

confidence: 99%

Practical attacks on the round‐reduced PRINCE

Morawiecki

2017

IET Information Security

View full text Add to dashboard Cite

The PRINCE cipher is the result of a cooperation between the Technical University of Denmark (DTU), NXP Semiconductors and the Ruhr University Bochum. The cipher was designed to reach an extremely low-latency encryption and instant response time. PRINCE has already gained a lot of attention from the academic community, however, most of the attacks are theoretical, usually with very high time or data complexity. Our work helps to fill the gap in more practically oriented attacks, with more realistic scenarios and complexities. We present new attacks, up to 7 rounds, relying on integral and higher-order differential cryptanalysis.A need of low-cost cryptosystems for several fast-growing applications, such as RFID tags, sensor networks or Internet of Things, has drawn great attention to the area of lightweight cryptographic primitives over the last decade. It has been a vibrant research area, where a good trade-off between security and efficiency is a particularly challenging task. Some well established algorithms (e.g., AES[5]) may not meet the basic requirements of constrained devices -low cost hardware implementation, low power usage and latency.Recently, at Asiacrypt 2012 conference, a new lightweight block cipher called PRINCE has been proposed [2]. PRINCE is the result of a cooperation between the Technical University of Denmark (DTU), NXP Semiconductors and the Ruhr University Bochum. The cipher was designed to reach an extremely low-latency encryption and instant response time. These requirements are highly desirable for applications such as instant authentication or block-wise read/write access to memory devices, e.g., in solid-state hard disks.For PRINCE -a serious proposal with a clear motivation from industry -it is very important to estimate the security margin, particularly for practical settings, regarding a future deployment of the cipher. Too conservative design (e.g., too many rounds) might result in the algorithm below industry expectations. On the other hand, insufficient level of security will make the users and customers reluctant to deploy and use the algorithm.PRINCE has already gained a lot of attention from the academic community and some interesting cryptanalysis has been published [3,7,10,11]. However, most of the attacks are theoretical, usually with very high time or data complexity. To spur on more practically oriented research, PRINCE designers launched 'PRINCE challenge' [1] -a competition where cryptanalysts are encouraged to find key recovery attacks with time complexity below 2 64 and a number of plaintexts set to a more realistic scenario.Our contribution helps to fill the gap in the practical attacks on PRINCE, giving a better estimation of the security margin. Table 1 summarizes our results. Related workAs stated, most of published work on PRINCE are theoretical attacks. Though, there are a few attack with practical complexities. In [7], the integral attack was described, up to 6 rounds.

show abstract

“…Traditionally, integral cryptanalysis [23] is not well-suited to be applied on bit-based block ciphers such as I-PRESENT TM and PRESENT. However, by carefully inspecting the propagation of the inputs, the attack is still possible to be applied [24]. The best known integral attack on PRESENT is on 10 rounds [25] which is much less than the total number of rounds of present.…”

Section: Integral Cryptanalysismentioning

confidence: 99%

I-PRESENT<sup>TM</sup>: An Involutive Lightweight Block Cipher

Z’aba¹,

Jamil

Rusli

et al. 2014

JIS

Self Cite

View full text Add to dashboard Cite

This paper proposes a new involutive light-weight block cipher for resource-constraint environments called I-PRESENT TM . The design is based on the Present block cipher which is included inthe ISO/IEC 29192 standard on lightweight cryptography. The advantage of I-PRESENT TM is that the cipher is involutive such that the encryption circuit is identical to decryption. This is an advantage for environments which require the implementation of both circuits. The area requirement of I-PRESENT TM compares reasonably well with other similar ciphers such as PRINCE.

show abstract

Bit-Pattern Based Integral Attack

Cited by 56 publications

References 11 publications

Weak Keys of Reduced-Round PRESENT for Linear Cryptanalysis

Weak Keys of Reduced-Round PRESENT for Linear Cryptanalysis

Practical attacks on the round‐reduced PRINCE

I-PRESENT<sup>TM</sup>: An Involutive Lightweight Block Cipher

Contact Info

Product

Resources

About

Bit-Pattern Based Integral Attack

Cited by 56 publications

References 11 publications

Weak Keys of Reduced-Round PRESENT for Linear Cryptanalysis

Weak Keys of Reduced-Round PRESENT for Linear Cryptanalysis

Practical attacks on the round‐reduced PRINCE

I-PRESENT&lt;sup&gt;TM&lt;/sup&gt;: An Involutive Lightweight Block Cipher

Contact Info

Product

Resources

About

I-PRESENT<sup>TM</sup>: An Involutive Lightweight Block Cipher