scholarly journals Multidimensional linear cryptanalysis with key difference invariant bias for block ciphers

Cybersecurity ◽  
2021 ◽  
Vol 4 (1) ◽  
Author(s):  
Wenqin Cao ◽  
Wentao Zhang
Keyword(s):  
Time Complexity ◽  
Block Ciphers ◽  
Linear Cryptanalysis ◽  
Compression Technique ◽  
Key Recovery ◽  
Linear Approximations ◽  
Theoretical Advantage ◽  
Multidimensional Linear ◽  
Multidimensional Linear Cryptanalysis ◽  
Key Recovery Attacks

AbstractFor block ciphers, Bogdanov et al. found that there are some linear approximations satisfying that their biases are deterministically invariant under key difference. This property is called key difference invariant bias. Based on this property, Bogdanov et al. proposed a related-key statistical distinguisher and turned it into key-recovery attacks on LBlock and TWINE-128. In this paper, we propose a new related-key model by combining multidimensional linear cryptanalysis with key difference invariant bias. The main theoretical advantage is that our new model does not depend on statistical independence of linear approximations. We demonstrate our cryptanalysis technique by performing key recovery attacks on LBlock and TWINE-128. By using the relations of the involved round keys to reduce the number of guessed subkey bits. Moreover, the partial-compression technique is used to reduce the time complexity. We can recover the master key of LBlock up to 25 rounds with about 260.4 distinct known plaintexts, 278.85 time complexity and 261 bytes of memory requirements. Our attack can recover the master key of TWINE-128 up to 28 rounds with about 261.5 distinct known plaintexts, 2126.15 time complexity and 261 bytes of memory requirements. The results are the currently best ones on cryptanalysis of LBlock and TWINE-128.

scholarly journals Partly-Pseudo-Linear Cryptanalysis of Reduced-Round Speck

Cryptography ◽  
2020 ◽  
Vol 5 (1) ◽  
pp. 1
Author(s):  
Sarah A. Alzakari ◽  
Poorvi L. Vora
Keyword(s):  
Linear Approximation ◽  
Block Ciphers ◽  
Linear Cryptanalysis ◽  
Key Recovery ◽  
Linear Approximations ◽  
Key Recovery Attacks

We apply McKay’s pseudo-linear approximation of addition modular 2n to lightweight ARX block ciphers with large words, specifically the Speck family. We demonstrate that a pseudo-linear approximation can be combined with a linear approximation using the meet-in-the-middle attack technique to recover several key bits. Thus we illustrate improvements to Speck linear distinguishers based solely on Cho–Pieprzyk approximations by combining them with pseudo-linear approximations, and propose key recovery attacks.

scholarly journals Separable Statistics and Multidimensional Linear Cryptanalysis

2018 ◽  
pp. 79-110
Author(s):  
Stian Fauskanger ◽  
Igor Semaev
Keyword(s):  
Critical Region ◽  
Time Complexity ◽  
Success Probability ◽  
Search Tree ◽  
Encryption Algorithm ◽  
Linear Cryptanalysis ◽  
Brute Force ◽  
New Ideas ◽  
Multidimensional Linear ◽  
Multidimensional Linear Cryptanalysis

Multidimensional linear cryptanalysis of block ciphers is improved in this work by introducing a number of new ideas. Firstly, formulae is given to compute approximate multidimensional distributions of the encryption algorithm internal bits. Conventional statistics like LLR (Logarithmic Likelihood Ratio) do not fit to work in Matsui’s Algorithm 2 for large dimension data, as the observation may depend on too many cipher key bits. So, secondly, a new statistic which reflects the structure of the cipher round is constructed instead. Thirdly, computing the statistic values that will fall into a critical region is presented as an optimisation problem for which an efficient algorithm is suggested. The algorithm works much faster than brute forcing all relevant key bits to compute the statistic. An attack for 16-round DES was implemented. We got an improvement over Matsui’s attack on DES in data and time complexity keeping success probability the same. With 241.81 plaintext blocks and success rate 0.83 (computed theoretically) we found 241.46 (which is close to the theoretically predicted number 241.81) key-candidates to 56-bit DES key. Search tree to compute the statistic values which fall into the critical region incorporated 245.45 nodes in the experiment and that is at least theoretically inferior in comparison with the final brute force. To get success probability 0.85, which is a fairer comparison to Matsui’s results, we would need 241.85 data and to brute force 241.85 key-candidates. That compares favourably with 243 achieved by Matsui.

scholarly journals Improved Parameter Estimates for Correlation and Capacity Deviates in Linear Cryptanalysis

2017 ◽  
pp. 162-191
Author(s):  
Céline Blondeau ◽  
Kaisa Nyberg
Keyword(s):  
Success Probability ◽  
Parameter Estimates ◽  
Linear Cryptanalysis ◽  
Test Statistic ◽  
Key Recovery ◽  
Sample Correlation ◽  
Mean And Variance ◽  
Multidimensional Linear ◽  
Linear Attack ◽  
Multidimensional Linear Cryptanalysis

Statistical attacks form an important class of attacks against block ciphers. By analyzing the distribution of the statistics involved in the attack, cryptanalysts aim at providing a good estimate of the data complexity of the attack. Recently multiple papers have drawn attention to how to improve the accuracy of the estimated success probability of linear key-recovery attacks. In particular, the effect of the key on the distribution of the sample correlation and capacity has been investigated and new statistical models developed. The major problem that remains open is how to obtain accurate estimates of the mean and variance of the correlation and capacity. In this paper, we start by presenting a solution for a linear approximation which has a linear hull comprising a number of strong linear characteristics. Then we generalize this approach to multiple and multidimensional linear cryptanalysis and derive estimates of the variance of the test statistic. Our simplest estimate can be computed given the number of the strong linear approximations involved in the offline analysis and the resulting estimate of the capacity. The results tested experimentally on SMALLPRESENT-[4] show the accuracy of the estimated variance is significantly improved. As an application we give more realistic estimates of the success probability of the multidimensional linear attack of Cho on 26 rounds of PRESENT.

scholarly journals Efficient Side-Channel Secure Message Authentication with Better Bounds

2020 ◽  
pp. 23-53
Author(s):  
Chun Guo ◽  
François-Xavier Standaert ◽  
Weijia Wang ◽  
Yu Yu
Keyword(s):  
Time Complexity ◽  
Side Channel ◽  
Message Authentication ◽  
Security Threat ◽  
Cryptographic Primitives ◽  
Key Recovery ◽  
Leakage Resilience ◽  
Authentication Schemes ◽  
Key Recovery Attacks ◽  
Provably Secure

We investigate constructing message authentication schemes from symmetric cryptographic primitives, with the goal of achieving security when most intermediate values during tag computation and verification are leaked (i.e., mode-level leakage-resilience). Existing efficient proposals typically follow the plain Hash-then-MAC paradigm T = TGenK(H(M)). When the domain of the MAC function TGenK is {0, 1}128, e.g., when instantiated with the AES, forgery is possible within time 264 and data complexity 1. To dismiss such cheap attacks, we propose two modes: LRW1-based Hash-then-MAC (LRWHM) that is built upon the LRW1 tweakable blockcipher of Liskov, Rivest, and Wagner, and Rekeying Hash-then-MAC (RHM) that employs internal rekeying. Built upon secure AES implementations, LRWHM is provably secure up to (beyond-birthday) 278.3 time complexity, while RHM is provably secure up to 2121 time. Thus in practice, their main security threat is expected to be side-channel key recovery attacks against the AES implementations. Finally, we benchmark the performance of instances of our modes based on the AES and SHA3 and confirm their efficiency.

scholarly journals Boomeyong: Embedding Yoyo within Boomerang and its Applications to Key Recovery Attacks on AES and Pholkos

2021 ◽  
pp. 137-169
Author(s):  
Mostafizar Rahman ◽  
Dhiman Saha ◽  
Goutam Paul
Keyword(s):  
Time Complexity ◽  
Block Cipher ◽  
New Technique ◽  
Small Scale ◽  
Key Recovery ◽  
Boomerang Attack ◽  
Tweakable Block Cipher ◽  
Key Recovery Attack ◽  
Key Recovery Attacks

This work investigates a generic way of combining two very effective and well-studied cryptanalytic tools, proposed almost 18 years apart, namely the boomerang attack introduced by Wagner in FSE 1999 and the yoyo attack by Ronjom et al. in Asiacrypt 2017. In doing so, the s-box switch and ladder switch techniques are leveraged to embed a yoyo trail inside a boomerang trail. As an immediate application, a 6-round key recovery attack on AES-128 is mounted with time complexity of 278. A 10-round key recovery attack on recently introduced AES-based tweakable block cipher Pholkos is also furnished to demonstrate the applicability of the new technique on AES-like constructions. The results on AES are experimentally verified by applying and implementing them on a small scale variant of AES. We provide arguments that draw a relation between the proposed strategy with the retracing boomerang attack devised in Eurocrypt 2020. To the best of our knowledge, this is the first attempt to merge the yoyo and boomerang techniques to analyze SPN ciphers and warrants further attention as it has the potential of becoming an important cryptanalysis tool.

scholarly journals Key-recovery attacks on LED-like block ciphers

2019 ◽  
Vol 24 (5) ◽  
pp. 585-595 ◽  
Author(s):  
Linhong Xu ◽  
Jiansheng Guo ◽  
Jingyi Cui ◽  
Mingming Li
Keyword(s):  
Block Ciphers ◽  
Key Recovery ◽  
Key Recovery Attacks

scholarly journals Improved Conditional Differential Analysis on NLFSR-Based Block Cipher KATAN32 with MILP

2020 ◽  
Vol 2020 ◽  
pp. 1-14
Author(s):  
Zhaohui Xing ◽  
Wenying Zhang ◽  
Guoyong Han
Keyword(s):  
Mixed Integer Linear Programming ◽  
Time Complexity ◽  
Block Cipher ◽  
Mixed Integer ◽  
Differential Analysis ◽  
Nonlinear Feedback ◽  
Key Recovery ◽  
Nonlinear Feedback Shift Register ◽  
Feedback Shift Register ◽  
Key Recovery Attacks

In this paper, a new method for constructing a Mixed Integer Linear Programming (MILP) model on conditional differential cryptanalysis of the nonlinear feedback shift register- (NLFSR-) based block ciphers is proposed, and an approach to detecting the bit with a strongly biased difference is provided. The model is successfully applied to the block cipher KATAN32 in the single-key scenario, resulting in practical key-recovery attacks covering more rounds than the previous. In particular, we present two distinguishers for 79 and 81 out of 254 rounds of KATAN32. Based on the 81-round distinguisher, we recover 11 equivalent key bits of 98-round KATAN32 and 13 equivalent key bits of 99-round KATAN32. The time complexity is less than 2 31 encryptions of 98-round KATAN32 and less than 2 33 encryptions of 99-round KATAN32, respectively. Thus far, our results are the best known practical key-recovery attacks for the round-reduced variants of KATAN32 regarding the number of rounds and the time complexity. All the results are verified experimentally.

Sign in / Sign up

Export Citation Format

Share Document