scholarly journals NEW KEY EXPANSION FUNCTION OF RIJNDAEL 128-BIT RESISTANCE TO THE RELATED-KEY ATTACKS

2018 ◽  
Author(s):  
Hassan Mansur Hussien ◽  
Zaiton Muda ◽  
Sharifah Md Yasin
Keyword(s):  
Mixed Integer Linear Programming ◽  
Block Cipher ◽  
Statistical Tests ◽  
Mixed Integer ◽  
Differential Attack ◽  
Key Schedule ◽  
Strict Avalanche Criterion ◽  
Boomerang Attack ◽  
Common Block ◽  
Provably Secure

A master key of special length is manipulated based on the key schedule to create round sub-keys in most block ciphers. A strong key schedule is described as a cipher that will be more resistant to various forms of attacks, especially in related-key model attacks. Rijndael is the most common block cipher, and it was adopted by the National Institute of Standards and Technology, USA in 2001 as an Advance Encryption Standard. However, a few studies on cryptanalysis revealed that a security weakness of Rijndael refers to its vulnerability to related-key differential attack as well as the related-key boomerang attack, which is mainly caused by the lack of nonlinearity in the key schedule of Rijndael. In relation to this, constructing a key schedule that is both efficient and provably secure has been an ongoing open problem. Hence, this paper presents a method to improve the key schedule of Rijndael 128-bit for the purpose of making it more resistance to the related-key differential and boomerang attacks. In this study, two statistical tests, namely the Frequency test and the Strict Avalanche Criterion test were employed to respectively evaluate the properties of bit confusion and bit diffusion. The results showed that the proposed key expansion function has excellent statistical properties and agrees with the concept of Shannon’s diffusion and confusion bits. Meanwhile, the Mixed Integer Linear Programming based approach was adopted to evaluate the resistance of the proposed approach towards the related-key differential and boomerang attacks. The proposed approach was also found to be resistant against the two attacks discovered in the original Rijndael. Overall, these results proved that the proposed approach is able to perform better compared to the original Rijndael key expansion function and that of the previous research.  

scholarly journals Cryptanalysis of Reduced round SKINNY Block Cipher

2018 ◽  
pp. 124-162 ◽  
Author(s):  
Sadegh Sadeghi ◽  
Tahereh Mohammadi ◽  
Nasour Bagheri
Keyword(s):  
Mixed Integer Linear Programming ◽  
Block Cipher ◽  
Mixed Integer ◽  
Differential Attack ◽  
Key Recovery ◽  
Zero Correlation ◽  
Impossible Differential ◽  
Key Recovery Attack ◽  
Correlation Attacks ◽  
Impossible Differential Cryptanalysis

SKINNY is a family of lightweight tweakable block ciphers designed to have the smallest hardware footprint. In this paper, we present zero-correlation linear approximations and the related-tweakey impossible differential characteristics for different versions of SKINNY .We utilize Mixed Integer Linear Programming (MILP) to search all zero-correlation linear distinguishers for all variants of SKINNY, where the longest distinguisher found reaches 10 rounds. Using a 9-round characteristic, we present 14 and 18-round zero correlation attacks on SKINNY-64-64 and SKINNY- 64-128, respectively. Also, for SKINNY-n-n and SKINNY-n-2n, we construct 13 and 15-round related-tweakey impossible differential characteristics, respectively. Utilizing these characteristics, we propose 23-round related-tweakey impossible differential cryptanalysis by applying the key recovery attack for SKINNY-n-2n and 19-round attack for SKINNY-n-n. To the best of our knowledge, the presented zero-correlation characteristics in this paper are the first attempt to investigate the security of SKINNY against this attack and the results on the related-tweakey impossible differential attack are the best reported ones.

scholarly journals Cryptanalysis on SDDO-Based BM123-64 Designs Suitable for Various IoT Application Targets

Symmetry ◽  
2018 ◽  
Vol 10 (8) ◽  
pp. 353 ◽  
Author(s):  
Tran Phuc ◽  
Changhoon Lee
Keyword(s):  
Internet Of Things ◽  
High Speed ◽  
High Probability ◽  
Block Cipher ◽  
Algorithm Selection ◽  
Key Schedule ◽  
Boomerang Attack ◽  
Selection For ◽  
Differential Attacks

BM123-64 block cipher, which was proposed by Minh, N.H. and Bac, D.T. in 2014, was designed for high speed communication applications factors. It was constructed in hybrid controlled substitution–permutation network (CSPN) models with two types of basic controlled elements (CE) in distinctive designs. This cipher is based on switchable data-dependent operations (SDDO) and covers dependent-operations suitable for efficient primitive approaches for cipher constructions that can generate key schedule in a simple way. The BM123-64 cipher has advantages including high applicability, flexibility, and portability with different algorithm selection for various application targets with internet of things (IoT) as well as secure protection against common types of attacks, for instance, differential attacks and linear attacks. However, in this paper, we propose methods to possibly exploit the BM123-64 structure using related-key attacks. We have constructed a high probability related-key differential characteristics (DCs) on a full eight rounds of BM123-64 cipher. The related-key amplified boomerang attack is then proposed on all three different cases of operation-specific designs with effective results in complexity of data and time consumptions. This study can be considered as the first cryptographic results on BM123-64 cipher.

MILP-based Related-Key Rectangle Attack and Its Application to GIFT, Khudra, MIBS

2019 ◽  
Author(s):  
Lele Chen ◽  
Gaoli Wang ◽  
GuoYan Zhang
Keyword(s):  
Linear Programming ◽  
Integer Linear Programming ◽  
Mixed Integer Linear Programming ◽  
Time Complexity ◽  
Block Ciphers ◽  
Mixed Integer ◽  
Data Complexity ◽  
Differential Attack

AbstractThe rectangle attack is the extension of the traditional differential attack and is evolved from the boomerange attack. It has been widely used to attack several existing ciphers. In this article, we study the security of lightweight block ciphers GIFT, Khudra and MIBS against related-key rectangle attack. We use Mixed-Integer Linear Programming-aided cryptanalysis to search rectangle distinguishers by taking into account the effect of the ladder switch technique. For GIFT, we build a 19-round related-key rectangle distinguisher and attack on 23-round GIFT-64, which requires 260 chosen plaintexts and 2107 encryptions. For Khudra, a 14-round related-key rectangle distinguisher can be built, which leads us to a 17-round rectangle attack. Our attack on 17-round Khudra requires a data complexity of 262.9 chosen plaintexts and a time complexity of 273.9 encryptions. For MIBS, we construct a 13-round related-key rectangle distinguisher and propose an attack on 15-round MIBS-64 with time complexity of 259 and data complexity of 245. Compared to the previous best related-key rectangle attack, we can attack one more round on Khudra and MIBS-64 than before.

scholarly journals Improved Conditional Differential Analysis on NLFSR-Based Block Cipher KATAN32 with MILP

2020 ◽  
Vol 2020 ◽  
pp. 1-14
Author(s):  
Zhaohui Xing ◽  
Wenying Zhang ◽  
Guoyong Han
Keyword(s):  
Mixed Integer Linear Programming ◽  
Time Complexity ◽  
Block Cipher ◽  
Mixed Integer ◽  
Differential Analysis ◽  
Nonlinear Feedback ◽  
Key Recovery ◽  
Nonlinear Feedback Shift Register ◽  
Feedback Shift Register ◽  
Key Recovery Attacks

In this paper, a new method for constructing a Mixed Integer Linear Programming (MILP) model on conditional differential cryptanalysis of the nonlinear feedback shift register- (NLFSR-) based block ciphers is proposed, and an approach to detecting the bit with a strongly biased difference is provided. The model is successfully applied to the block cipher KATAN32 in the single-key scenario, resulting in practical key-recovery attacks covering more rounds than the previous. In particular, we present two distinguishers for 79 and 81 out of 254 rounds of KATAN32. Based on the 81-round distinguisher, we recover 11 equivalent key bits of 98-round KATAN32 and 13 equivalent key bits of 99-round KATAN32. The time complexity is less than 2 31 encryptions of 98-round KATAN32 and less than 2 33 encryptions of 99-round KATAN32, respectively. Thus far, our results are the best known practical key-recovery attacks for the round-reduced variants of KATAN32 regarding the number of rounds and the time complexity. All the results are verified experimentally.

scholarly journals Integral Distinguishers of the Full-Round Lightweight Block Cipher SAT_Jo

2021 ◽  
Vol 2021 ◽  
pp. 1-9
Author(s):  
Xueying Qiu ◽  
Yongzhuang Wei ◽  
Samir Hodzic ◽  
Enes Pasalic
Keyword(s):  
Linear Programming ◽  
Integer Linear Programming ◽  
Mixed Integer Linear Programming ◽  
Time Complexity ◽  
Block Cipher ◽  
Security Analysis ◽  
Mixed Integer ◽  
Substitution Boxes ◽  
Lightweight Block Cipher ◽  
The One

Integral cryptanalysis based on division property is a powerful cryptanalytic method whose range of successful applications was recently extended through the use of Mixed-Integer Linear Programming (MILP). Although this technique was demonstrated to be efficient in specifying distinguishers of reduced round versions of several families of lightweight block ciphers (such as SIMON, PRESENT, and few others), we show that this method provides distinguishers for a full-round block cipher SAT_Jo. SAT_Jo cipher is very similar to the well-known PRESENT block cipher, which has successfully withstood the known cryptanalytic methods. The main difference compared to PRESENT, which turns out to induce severe weaknesses of SAT_Jo algorithm, is its different choice of substitution boxes (S-boxes) and the bit-permutation layer for the reasons of making the cipher highly resource-efficient. Even though the designers provided a security analysis of this scheme against some major generic cryptanalytic methods, an application of the bit-division property in combination with MILP was not considered. By specifying integral distinguishers for the full-round SAT_Jo algorithm using this method, we essentially disapprove its use in intended applications. Using a 30-round distinguisher, we also describe a subkey recovery attack on the SAT_Jo algorithm whose time complexity is about 2 66 encryptions (noting that SAT_Jo is designed to provide 80 bits of security). Moreover, it seems that the choice of bit-permutation induces weak division properties since replacing the original bit-permutation of SAT_Jo by the one used in PRESENT immediately renders integral distinguishers inefficient.

scholarly journals A Security Analysis of Deoxys and its Internal Tweakable Block Ciphers

2017 ◽  
pp. 73-107 ◽  
Author(s):  
Carlos Cid ◽  
Tao Huang ◽  
Thomas Peyrin ◽  
Yu Sasaki ◽  
Ling Song
Keyword(s):  
Linear Programming ◽  
Mixed Integer Linear Programming ◽  
Block Cipher ◽  
Security Analysis ◽  
Block Ciphers ◽  
Mixed Integer ◽  
Authenticated Encryption ◽  
Search Tool ◽  
Caesar Competition ◽  
Milp Model

In this article, we provide the first independent security analysis of Deoxys, a third-round authenticated encryption candidate of the CAESAR competition, and its internal tweakable block ciphers Deoxys-BC-256 and Deoxys-BC-384. We show that the related-tweakey differential bounds provided by the designers can be greatly improved thanks to a Mixed Integer Linear Programming (MILP) based search tool. In particular, we develop a new method to incorporate linear incompatibility in the MILP model. We use this tool to generate valid differential paths for reduced-round versions of Deoxys-BC-256 and Deoxys-BC-384, later combining them into broader boomerang or rectangle attacks. Here, we also develop a new MILP model which optimises the two paths by taking into account the effect of the ladder switch technique. Interestingly, with the tweak in Deoxys-BC providing extra input as opposed to a classical block cipher, we can even consider beyond full-codebook attacks. As these primitives are based on the TWEAKEY framework, we further study how the security of the cipher is impacted when playing with the tweak/key sizes. All in all, we are able to attack 10 rounds of Deoxys-BC-256 (out of 14) and 13 rounds of Deoxys-BC-384 (out of 16). The extra rounds specified in Deoxys-BC to balance the tweak input (when compared to AES) seem to provide about the same security margin as AES-128. Finally we analyse why the authenticated encryption modes of Deoxys mostly prevent our attacks on Deoxys-BC to apply to the authenticated encryption primitive.

Sign in / Sign up

Export Citation Format

Share Document