Key recovery attack for PRESENT using slender-set linear cryptanalysis

2016 ◽  
Vol 59 (3) ◽  
Author(s):  
Guoqiang Liu ◽  
Chenhui Jin ◽  
Zhiyin Kong
Keyword(s):  
Linear Cryptanalysis ◽  
Key Recovery ◽  
Key Recovery Attack

scholarly journals Cryptanalysis of Round-Reduced Fantomas, Robin and iSCREAM

Cryptography ◽  
2019 ◽  
Vol 3 (1) ◽  
pp. 4 ◽  
Author(s):  
Ashutosh Dwivedi ◽  
Shalini Dhar ◽  
Gautam Srivastava ◽  
Rajani Singh
Keyword(s):  
Side Channel ◽  
Linear Cryptanalysis ◽  
Key Recovery ◽  
Side Channel Analysis ◽  
Linear Characteristic ◽  
Random Behavior ◽  
Channel Analysis ◽  
Key Recovery Attack

In this work, we focus on LS-design ciphers Fantomas, Robin, and iSCREAM. LS-designs are a family of bitslice ciphers aimed at efficient masked implementations against side-channel analysis. We have analyzed Fantomas and Robin with a technique that previously has not been applied to both algorithms or linear cryptanalysis. The idea behind linear cryptanalysis is to build a linear characteristic that describes the relation between plaintext and ciphertext bits. Such a relationship should hold with probability 0.5 (bias is zero) for a secure cipher. Therefore, we try to find a linear characteristic between plaintext and ciphertext where bias is not equal to zero. This non-random behavior of cipher could be converted to some key-recovery attack. For Fantomas and Robin, we find 5 and 7-round linear characteristics. Using these characteristics, we attack both the ciphers with reduced rounds and recover the key for the same number of rounds. We also apply linear cryptanalysis to the famous CAESAR candidate iSCREAM and the closely related LS-design Robin. For iScream, we apply linear cryptanalysis to the round-reduced cipher and find a 7-round best linear characteristics. Based on those linear characteristics we extend the path in the related-key scenario for a higher number of rounds.

scholarly journals New Linear Cryptanalysis of Chinese Commercial Block Cipher Standard SM4

2017 ◽  
Vol 2017 ◽  
pp. 1-10
Author(s):  
Yu Liu ◽  
Huicong Liang ◽  
Wei Wang ◽  
Meiqin Wang
Keyword(s):  
Wireless Communication ◽  
Linear Approximation ◽  
Block Cipher ◽  
Linear Cryptanalysis ◽  
Key Recovery ◽  
Linear Approximations ◽  
Partial Linear ◽  
Key Recovery Attack ◽  
Better Than

SM4 is a Chinese commercial block cipher standard used for wireless communication in China. In this paper, we use the partial linear approximation table of S-box to search for three rounds of iterative linear approximations of SM4, based on which the linear approximation for 20-round SM4 has been constructed. However, the best previous identified linear approximation only covers 19 rounds. At the same time, a linear approximation for 19-round SM4 is obtained, which is better than the known results. Furthermore, we show the key recovery attack on 24-round SM4 which is the best attack according to the number of rounds.

scholarly journals Linear Cryptanalyses of Three AEADs with GIFT-128 as Underlying Primitives

2021 ◽  
pp. 199-221
Author(s):  
Ling Sun ◽  
Wei Wang ◽  
Meiqin Wang
Keyword(s):  
Linear Approximation ◽  
Boolean Satisfiability ◽  
Satisfiability Problem ◽  
Linear Cryptanalysis ◽  
Key Recovery ◽  
Boolean Satisfiability Problem ◽  
Automatic Search ◽  
Key Recovery Attack ◽  
Key Recovery Attacks ◽  
Associated Data

This paper considers the linear cryptanalyses of Authenticated Encryptions with Associated Data (AEADs) GIFT-COFB, SUNDAE-GIFT, and HyENA. All of these proposals take GIFT-128 as underlying primitives. The automatic search with the Boolean satisfiability problem (SAT) method is implemented to search for linear approximations that match the attack settings concerning these primitives. With the newly identified approximations, we launch key-recovery attacks on GIFT-COFB, SUNDAE-GIFT, and HyENA when the underlying primitives are replaced with 16-round, 17-round, and 16-round versions of GIFT-128. The resistance of GIFT-128 against linear cryptanalysis is also evaluated. We present a 24-round key-recovery attack on GIFT-128 with a newly obtained 19-round linear approximation. We note that the attack results in this paper are far from threatening the security of GIFT-COFB, SUNDAE-GIFT, HyENA, and GIFT-128.

scholarly journals Towards Key-recovery-attack Friendly Distinguishers: Application to GIFT-128

2021 ◽  
pp. 156-184
Author(s):  
Rui Zong ◽  
Xiaoyang Dong ◽  
Huaifeng Chen ◽  
Yiyuan Luo ◽  
Si Wang ◽  
...  
Keyword(s):  
Block Cipher ◽  
Recovery Process ◽  
Low Complexity ◽  
Differential Cryptanalysis ◽  
Linear Cryptanalysis ◽  
Linear Hull ◽  
Differential Attack ◽  
Key Recovery ◽  
Key Recovery Attack

When analyzing a block cipher, the first step is to search for some valid distinguishers, for example, the differential trails in the differential cryptanalysis and the linear trails in the linear cryptanalysis. A distinguisher is advantageous if it can be utilized to attack more rounds and the amount of the involved key bits during the key-recovery process is small, as this leads to a long attack with a low complexity. In this article, we propose a two-step strategy to search for such advantageous distinguishers. This strategy is inspired by the intuition that if a differential is advantageous only when some properties are satisfied, then we can predefine some constraints describing these properties and search for the differentials in the small set.As applications, our strategy is used to analyze GIFT-128, which was proposed in CHES 2017. Based on some 20-round differentials, we give the first 27-round differential attack on GIFT-128, which covers one more round than the best previous result. Also, based on two 17-round linear trails, we give the first linear hull attack on GIFT-128, which covers 22 rounds. In addition, we also give some results on two GIFT-128 based AEADs GIFT-COFB and SUNDAE-GIFT.

scholarly journals Cryptanalysis of Loiss Stream Cipher-Revisited

2014 ◽  
Vol 2014 ◽  
pp. 1-7
Author(s):  
Lin Ding ◽  
Chenhui Jin ◽  
Jie Guan ◽  
Qiuyan Wang
Keyword(s):  
Time Complexity ◽  
Stream Cipher ◽  
Linear Equations ◽  
Data Complexity ◽  
Secret Key ◽  
Key Recovery ◽  
Systems Of Linear Equations ◽  
Key Recovery Attack ◽  
Better Than

Loiss is a novel byte-oriented stream cipher proposed in 2011. In this paper, based on solving systems of linear equations, we propose an improved Guess and Determine attack on Loiss with a time complexity of 2231and a data complexity of 268, which reduces the time complexity of the Guess and Determine attack proposed by the designers by a factor of 216. Furthermore, a related key chosenIVattack on a scaled-down version of Loiss is presented. The attack recovers the 128-bit secret key of the scaled-down Loiss with a time complexity of 280, requiring 264chosenIVs. The related key attack is minimal in the sense that it only requires one related key. The result shows that our key recovery attack on the scaled-down Loiss is much better than an exhaustive key search in the related key setting.

scholarly journals Multidimensional linear cryptanalysis with key difference invariant bias for block ciphers

Cybersecurity ◽  
2021 ◽  
Vol 4 (1) ◽  
Author(s):  
Wenqin Cao ◽  
Wentao Zhang
Keyword(s):  
Time Complexity ◽  
Block Ciphers ◽  
Linear Cryptanalysis ◽  
Compression Technique ◽  
Key Recovery ◽  
Linear Approximations ◽  
Theoretical Advantage ◽  
Multidimensional Linear ◽  
Multidimensional Linear Cryptanalysis ◽  
Key Recovery Attacks

AbstractFor block ciphers, Bogdanov et al. found that there are some linear approximations satisfying that their biases are deterministically invariant under key difference. This property is called key difference invariant bias. Based on this property, Bogdanov et al. proposed a related-key statistical distinguisher and turned it into key-recovery attacks on LBlock and TWINE-128. In this paper, we propose a new related-key model by combining multidimensional linear cryptanalysis with key difference invariant bias. The main theoretical advantage is that our new model does not depend on statistical independence of linear approximations. We demonstrate our cryptanalysis technique by performing key recovery attacks on LBlock and TWINE-128. By using the relations of the involved round keys to reduce the number of guessed subkey bits. Moreover, the partial-compression technique is used to reduce the time complexity. We can recover the master key of LBlock up to 25 rounds with about 260.4 distinct known plaintexts, 278.85 time complexity and 261 bytes of memory requirements. Our attack can recover the master key of TWINE-128 up to 28 rounds with about 261.5 distinct known plaintexts, 2126.15 time complexity and 261 bytes of memory requirements. The results are the currently best ones on cryptanalysis of LBlock and TWINE-128.

Sign in / Sign up

Export Citation Format

Share Document