Improved Security Evaluation of SPN Block Ciphers and its Applications in the Single-key Attack on SKINNY

Zhang, Wenying; Cao, Martine; Guo, Jian; Pašalić, Enes

doi:10.46586/tosc.v2019.i4.171-191

Cited by 6 publications

(3 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Zhang et al. [21] proposed a method to use algebraic expressions to express the dependencies of intermediate states on the outputs. Inspired by this method, the output difference of the 84‐round ciphertext is expressed by the 97‐round ciphertext and subkeys.…”

Section: Key Recovery Attack Of Katan32mentioning

confidence: 99%

Conditional differential analysis on the KATAN ciphers based on deep learning

Lin

Hou

et al. 2022

IET Information Security

View full text Add to dashboard Cite

KATAN ciphers are block ciphers using non‐linear feedback shift registers. In this study, the authors improve the results of conditional differential analysis on KATAN by using deep learning. Multi‐differential neural distinguishers are built to improve the accuracy of the neural distinguishers and increase the number of its rounds. Moreover, a conditional differential analysis framework is proposed based on deep learning with the multi‐differential neural distinguishers, resulting in a significant improvement than the previous. We present a practical key recovery attack on the 97‐round KATAN32 with 215.5 data complexity and 220.5 time complexity. The attack of the 82‐round KATAN48 and 70‐round KATAN64 are also presented as the best known practical results.

show abstract

Section: Key Recovery Attack Of Katan32mentioning

confidence: 99%

Conditional differential analysis on the KATAN ciphers based on deep learning

Lin

Hou

et al. 2022

IET Information Security

View full text Add to dashboard Cite

show abstract

“…Key-Recovery Attack on 97-Round KATAN32. Inspired by the technique representing the dependence of the intermediate state on the output by an algebraic representation in [34], we give the algebraic representation of the intermediate state using the ciphertext and round keys. Using Equations ( 2) and ( 3), we can get the expression of l t , s t in decryption direction:…”

Section: -Bit Keymentioning

confidence: 99%

Improved Conditional Differential Analysis on NLFSR Based Block Cipher KATAN32 with MILP

Xing

Zhang

Han

2021

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

Self Cite

View full text Add to dashboard Cite

In this paper, a new method for constructing a Mixed Integer Linear Programming (MILP) model on conditional differential cryptanalysis of the nonlinear feedback shift register-(NLFSR-) based block ciphers is proposed, and an approach to detecting the bit with a strongly biased difference is provided. The model is successfully applied to the block cipher KATAN32 in the single-key scenario, resulting in practical key-recovery attacks covering more rounds than the previous. In particular, we present two distinguishers for 79 and 81 out of 254 rounds of KATAN32. Based on the 81-round distinguisher, we recover 11 equivalent key bits of 98-round KATAN32 and 13 equivalent key bits of 99-round KATAN32. The time complexity is less than 2 31 encryptions of 98-round KATAN32 and less than 2 33 encryptions of 99-round KATAN32, respectively. Thus far, our results are the best known practical key-recovery attacks for the round-reduced variants of KATAN32 regarding the number of rounds and the time complexity. All the results are verified experimentally.

show abstract

“…From the per-SKINNY spective of distinguishing attacks, the cryptanalysts try to construct an impossible differential which covers as many rounds as possible. At EUROCRYPT 2016, Sun et al proved that the upper bound on the length of impossible differentials of substitution-permutation network (SPN) structure by the primitive index of the linear layers [12] without considering the details inside Sboxes. Inspired by this method, Zhang et al evaluated the resistance of SPN block cipher against impossible differential attack by counting the occurrences of the plaintext (ciphertext) words appearing in the expression of the internal state words [13].…”

Section: Introductionmentioning

confidence: 99%

Constructing the Impossible Differential of Type-II GFN with Boolean Function and Its Application to WARP

Shi,

Liu,

2024

Chinese J. Elect.

View full text Add to dashboard Cite

Type-II generalized Feistel network (GFN) has attracted a lot of attention for its simplicity and high parallelism. Impossible differential attack is one of the powerful cryptanalytic approaches for word-oriented block ciphers such as Feistel-like ciphers. We deduce the impossible differential of Type-II GFN by analyzing the Boolean function in the middle round. The main idea is to investigate the expression with the variable representing the plaintext (ciphertext) difference words for the internal state words. By adopting the miss-in-the-middle approach, we can construct the impossible differential of Type-II GFN. As an illustration, we apply this approach to WARP, a lightweight 128-bit block cipher with a 128-bit key which was presented by Banik et al. at SAC 2020. The structure of WARP is a 32-branch Type-II GFN. Therefore, we find two 21-round truncated impossible differentials and implement a 32-round key recovery attack on WARP. For the 32-round key recovery attack on WARP, some observations are used to mount an effective attack. Taking the advantage of the early abort technique, the data, time, and memory complexities are 2 125.69 chosen plaintexts, 2 126.68 32-round encryptions, and 2 100 -bit, repectively. To the best of our knowledge, this is the best attack on WARP in the single-key scenario.

show abstract

Improved Security Evaluation of SPN Block Ciphers and its Applications in the Single-key Attack on SKINNY

Cited by 6 publications

References 7 publications

Conditional differential analysis on the KATAN ciphers based on deep learning

Conditional differential analysis on the KATAN ciphers based on deep learning

Improved Conditional Differential Analysis on NLFSR Based Block Cipher KATAN32 with MILP

Constructing the Impossible Differential of Type-II GFN with Boolean Function and Its Application to WARP

Contact Info

Product

Resources

About