scholarly journals Zero-Correlation Linear Cryptanalysis on SPARX-64

2021 ◽  
Vol 2021 ◽  
pp. 1-11
Author(s):  
Dawei Zhou ◽  
Huaifeng Chen ◽  
Rui Zong ◽  
Ningning Song
Keyword(s):  
Block Ciphers ◽  
Third Party ◽  
Linear Cryptanalysis ◽  
Multiple Zero ◽  
Zero Correlation ◽  
Linear Attack ◽  
Attack Models

SPARX is a family of ARX-based block ciphers designed according to the long-trail strategy, which has 32-bit ARX-based SBoxes and has provable bounds against single-differential and single-linear cryptanalysis. Since its proposation, some third-party cryptanalysis methods have been presented. As far as we know, the best attacks against SPARX-64 covered 16 (out of 24) rounds. In this paper, we propose zero-correlation linear attacks on SPARX-64. At first, we construct some new zero-correlation linear distinguishers covering 14-round and 15-round SPARX-64. Then, 15,16,17 and 18-round versions can be attacked using multidimensional or multiple zero-correlation linear attack models, under DKP(distinct known plaintexts) settings. These are the best attacks against SPARX-64 up to now, regarding to the number of attacked rounds. Finally, we transform the zero-correlation distinguishers into integral ones using existing methods, which are also longer than the ones proposed by the designers.

scholarly journals Generalized differential-linear cryptanalysis of block cipher

Radiotekhnika ◽  
2021 ◽  
pp. 5-15
Author(s):  
A.N. Alekseychuk
Keyword(s):  
Block Cipher ◽  
Block Ciphers ◽  
Linear Cryptanalysis ◽  
Information Complexity ◽  
The Matrix ◽  
First Results ◽  
Scientific Substantiation ◽  
The Subject ◽  
Linear Attack ◽  
Generalized Differential

Differential-linear cryptanalysis of block ciphers was proposed in 1994. It turns out to be more efficient in comparison with (separately) differential and linear cryptanalytic methods, but its scientific substantiation remains the subject of further research. There are several publications devoted to formalization of differential-linear cryptanalysis and clarification of the conditions under which its complexity can be mathematically accurately assessed. However, the problem of the differential-linear cryptanalytic method substantiation remains completely unresolved. This paper  presents first results obtained by the author in the direction of solving this problem. The class of differential-linear attacks on block ciphers is expanded. Namely, both distinguishing attacks and attacks aimed at recovering one bit of information about a key are considered. In this case, no assumptions are made (as in well-known publications) about the possibility of representing the cipher in the form of some two components. Lower bounds of information complexity of these attacks are obtained. The expressions of these bounds depend on the averaged (by keys) values of the elements’ squares of the generalized autocorrelation table of the encryption transformation. In contrast to the known ones, the obtained bounds are not based on any heuristic assumptions about the investigated block ciphers and are valid for a wider class of attacks as compared to the traditional differential-linear attack. Relations between, respectively, differential, linear and differential-linear properties of bijective Boolean mappings are given. In contrast to the well-known works, the matrix form of the relations is used that makes it possible to clarify better their essence and simplify the proofs. A new relation is derived for the elements of the generalized autocorrelation table of the encryption transformation of the product of two block ciphers, which may be useful in further research.

scholarly journals Zero-Correlation Attacks on Tweakable Block Ciphers with Linear Tweakey Expansion

2019 ◽  
pp. 192-235
Author(s):  
Ralph Ankele ◽  
Christoph Dobraunig ◽  
Jian Guo ◽  
Eran Lambooij ◽  
Gregor Leander ◽  
...  
Keyword(s):  
Block Ciphers ◽  
Research Field ◽  
Linear Cryptanalysis ◽  
Data Path ◽  
Zero Correlation ◽  
Active Research ◽  
Correlation Attacks ◽  
First Time

The design and analysis of dedicated tweakable block ciphers is a quite recent and very active research field that provides an ongoing stream of new insights. For instance, results of Kranz, Leander, and Wiemer from FSE 2017 show that the addition of a tweak using a linear tweak schedule does not introduce new linear characteristics. In this paper, we consider – to the best of our knowledge – for the first time the effect of the tweak on zero-correlation linear cryptanalysis for ciphers that have a linear tweak schedule. It turns out that the tweak can often be used to get zero-correlation linear hulls covering more rounds compared to just searching zero-correlation linear hulls on the data-path of a cipher. Moreover, this also implies the existence of integral distinguishers on the same number of rounds. We have applied our technique on round reduced versions of Qarma, Mantis, and Skinny. As a result, we can present – to the best of our knowledge – the best attack (with respect to number of rounds) on a round-reduced variant of Qarma.

Multiple differential-zero correlation linear cryptanalysis of reduced-round CAST-256

2017 ◽  
Vol 11 (2) ◽  
Author(s):  
Massoud Hadian Dehkordi ◽  
Roghayeh Taghizadeh
Keyword(s):  
Block Cipher ◽  
Advanced Encryption Standard ◽  
Linear Cryptanalysis ◽  
Data Complexity ◽  
Zero Correlation ◽  
Key Block ◽  
Symmetric Key ◽  
Linear Attack

AbstractCAST-256 (or CAST6) is a symmetric-key block cipher published in June 1998. It was submitted as a candidate for Advanced Encryption Standard (AES). In this paper, we will propose a new chosen text attack, the multiple differential-zero correlation linear attack, to analyze the CAST-256 block cipher. Our attack is the best-known attack on CAST-256 according to the number of rounds without the weak-key assumption. We first construct a 30-round differential-zero correlation linear distinguisher. Based on the distinguisher, we propose a first 33-round attack on CAST-256 with data complexity of

Zero-Correlation Linear Cryptanalysis of Reduced-Round SIMON

2015 ◽  
Vol 30 (6) ◽  
pp. 1358-1369 ◽  
Author(s):  
Xiao-Li Yu ◽  
Wen-Ling Wu ◽  
Zhen-Qing Shi ◽  
Jian Zhang ◽  
Lei Zhang ◽  
...  
Keyword(s):  
Linear Cryptanalysis ◽  
Zero Correlation

scholarly journals Crypto-Archaeology: unearthing design methodology of DES s-boxes

2017 ◽  
Author(s):  
Sankhanil Dey ◽  
Ranjan Ghosh
Keyword(s):  
Boolean Function ◽  
Boolean Functions ◽  
Design Methodology ◽  
Block Cipher ◽  
Block Ciphers ◽  
Public Domain ◽  
Differential Cryptanalysis ◽  
Linear Cryptanalysis ◽  
Strict Avalanche Criterion ◽  
Independence Criterion

US defence sponsored the DES program in 1974 and released it in 1977. It remained as a well-known and well accepted block cipher until 1998. Thirty-two 4-bit DES S-Boxes are grouped in eight each with four and are put in public domain without any mention of their design methodology. S-Boxes, 4-bit, 8-bit or 32-bit, find a permanent seat in all future block ciphers. In this paper, while looking into the design methodology of DES S-Boxes, we find that S-Boxes have 128 balanced and non-linear Boolean Functions, of which 102 used once, while 13 used twice and 92 of 102 satisfy the Boolean Function-level Strict Avalanche Criterion. All the S-Boxes satisfy the Bit Independence Criterion. Their Differential Cryptanalysis exhibits better results than the Linear Cryptanalysis. However, no S-Boxes satisfy the S-Box-level SAC analyses. It seems that the designer emphasized satisfaction of Boolean-Function-level SAC and S-Box-level BIC and DC, not the S-Box-level LC and SAC.

scholarly journals Multidimensional linear cryptanalysis with key difference invariant bias for block ciphers

Cybersecurity ◽  
2021 ◽  
Vol 4 (1) ◽  
Author(s):  
Wenqin Cao ◽  
Wentao Zhang
Keyword(s):  
Time Complexity ◽  
Block Ciphers ◽  
Linear Cryptanalysis ◽  
Compression Technique ◽  
Key Recovery ◽  
Linear Approximations ◽  
Theoretical Advantage ◽  
Multidimensional Linear ◽  
Multidimensional Linear Cryptanalysis ◽  
Key Recovery Attacks

AbstractFor block ciphers, Bogdanov et al. found that there are some linear approximations satisfying that their biases are deterministically invariant under key difference. This property is called key difference invariant bias. Based on this property, Bogdanov et al. proposed a related-key statistical distinguisher and turned it into key-recovery attacks on LBlock and TWINE-128. In this paper, we propose a new related-key model by combining multidimensional linear cryptanalysis with key difference invariant bias. The main theoretical advantage is that our new model does not depend on statistical independence of linear approximations. We demonstrate our cryptanalysis technique by performing key recovery attacks on LBlock and TWINE-128. By using the relations of the involved round keys to reduce the number of guessed subkey bits. Moreover, the partial-compression technique is used to reduce the time complexity. We can recover the master key of LBlock up to 25 rounds with about 260.4 distinct known plaintexts, 278.85 time complexity and 261 bytes of memory requirements. Our attack can recover the master key of TWINE-128 up to 28 rounds with about 261.5 distinct known plaintexts, 2126.15 time complexity and 261 bytes of memory requirements. The results are the currently best ones on cryptanalysis of LBlock and TWINE-128.

Zero correlation linear attack on reduced round Piccolo-80

2016 ◽  
Author(s):  
Mohammad Zare Ahangarkolaei ◽  
Seyed Reza Hoseini Najarkolaei ◽  
Siavash Ahmadi ◽  
Mohammad Reza Aref
Keyword(s):  
Zero Correlation ◽  
Linear Attack
Sign in / Sign up

Export Citation Format

Share Document