Cryptanalysis of KLEIN

Lallemand, Virginie; Naya-Plasencia, Maŕıa

doi:10.1007/978-3-662-46706-0_23

Cited by 18 publications

(18 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the next application we consider the lightweight block cipher KLEIN [GNL12]. Its 64-bit key version, KLEIN-64, has been recently broken [LN14] by a truncated differential last-rounds attack. When quantizing this attack, we show that it no longer works in the quantum world, and therefore KLEIN-64 is no longer broken.…”

Section: Q2mentioning

confidence: 99%

Quantum Differential and Linear Cryptanalysis

Leurent

Kaplan

Leverrier

et al. 2016

ToSC

Self Cite

View full text Add to dashboard Cite

Quantum computers, that may become available one day, would impact many scientific fields, most notably cryptography since many asymmetric primitives are insecure against an adversary with quantum capabilities. Cryptographers are already anticipating this threat by proposing and studying a number of potentially quantum-safe alternatives for those primitives. On the other hand, symmetric primitives seem less vulnerable against quantum computing: the main known applicable result is Grover’s algorithm that gives a quadratic speed-up for exhaustive search. In this work, we examine more closely the security of symmetric ciphers against quantum attacks. Since our trust in symmetric ciphers relies mostly on their ability to resist cryptanalysis techniques, we investigate quantum cryptanalysis techniques. More specifically, we consider quantum versions of differential and linear cryptanalysis. We show that it is usually possible to use quantum computations to obtain a quadratic speed-up for these attack techniques, but the situation must be nuanced: we don’t get a quadratic speed-up for all variants of the attacks. This allows us to demonstrate the following non-intuitive result: the best attack in the classical world does not necessarily lead to the best quantum one. We give some examples of application on ciphers LAC and KLEIN. We also discuss the important difference between an adversary that can only perform quantum computations, and an adversary that can also make quantum queries to a keyed primitive.

show abstract

Section: Q2mentioning

confidence: 99%

Quantum Differential and Linear Cryptanalysis

Leurent

Kaplan

Leverrier

et al. 2016

ToSC

Self Cite

View full text Add to dashboard Cite

show abstract

“…Therefore, the computational complexity of one direction can be reduced by a factor of 2 6 and the size of the matching point is also reduced from 32 bits to 13 × 2 = 26 bits (2 13 bits for one MixColumn). The expected number of matches 2 6r−6−26 = 2 6r−32 in the MITMs is not affected since the size of matching sets and the size of the filter are both reduced by a factor of 2 6 . The complexity of the attack on even number of rounds cannot be reduced using this technique, as we are able to apply the reduction only in one round and, more importantly, in one direction of the MITM -the second would remain the same thus the combined complexity would stay intact.…”

Section: Attack Algorithm and Its Improvementsmentioning

confidence: 98%

“…Yu et al also proposed an integral attack on 7-round Klein-64 and 8-round Klein-80. At the Rump Session of FSE 2013, Lallemand and Naya-Plasencia [6] announced improved attacks on Klein, including full-round attack on Klein-64 as well as improved attacks on Klein-80 and Klein-96.…”

Section: Introductionmentioning

confidence: 99%

The parallel-cut meet-in-the-middle attack

Nikolić

Wang

Wu³

2014

Cryptogr. Commun.

View full text Add to dashboard Cite

Abstract. We propose a new type of meet-in-the-middle attack that splits the cryptographic primitive in parallel to the execution of the operations. The result of the division are two primitives that have smaller input sizes and thus require lower attack complexities. However, the division is not completely independent and the sub-primitives depend (output of one is the input for the other) mutually on a certain number of bits. When the number of such bits is relatively small, we show a technique based on three classical meet-in-the-middle attacks that can recover the secret key of the cipher faster than an exhaustive search. We apply our findings to the lightweight block cipher Klein and show attacks on 10/11/13 rounds of Klein-64/-80/-96. Our approach requires only one or two pairs of known plaintexts and always recovers the secret key.

show abstract

“…In , an optimized exhaustive key‐search attack has been proposed on full‐round KLEIN by using the Biclique cryptanalysis. At FSE 2014, Lallemand and Plasencia exploited the flaw in the MixNibbles step of KLEIN, which can be used to reduce the complexity of differential attacks . Although the previously mentioned attacks enlarge the view of the security of KLEIN, both their storage and computational complexities are not acceptable to recover master key from a full‐round KLEIN.…”

Section: Attacking Klein Via Power Analysis On Fpgasmentioning

confidence: 99%

Power analysis attacks against FPGA implementation of KLEIN

Tang

et al. 2016

Security Comm Networks

View full text Add to dashboard Cite

KLEIN is a family of block ciphers whose lightweight features are suitable for resource‐constrained devices. However, the original design of KLEIN does not consider the potential attacks by power analysis methods. This paper presents power analysis attacks against an field‐programmable gate array (FPGA) implementation of KLEIN by the authors of KLEIN. The attacking strategy, attacking point, and complexity of our attacks via power analysis against KLEIN are discussed in detail. Besides, the implementation of the attacks is also described, and the experimental data is given. A lot of attacking experiments are launched by this paper; the best method in our experiment is Correlation Power Analysis (CPA) attack that requires only 4000 random plaintexts and 115 s to reveal the 64‐bit key of KLEIN, with the storage complexity nearly 212 and the success probability of attack nearly 100%. Finally, a defensive countermeasure against our attacks is proposed. Copyright © 2017 John Wiley & Sons, Ltd.

show abstract

Cryptanalysis of KLEIN

Cited by 18 publications

References 18 publications

Quantum Differential and Linear Cryptanalysis

Quantum Differential and Linear Cryptanalysis

The parallel-cut meet-in-the-middle attack

Power analysis attacks against FPGA implementation of KLEIN

Contact Info

Product

Resources

About