linear attack
Recently Published Documents

Total documents: 34 (five years: 10)
H-index: 5 (five years: 1)

2021, Vol 2021, pp. 1-11
Author(s): Dawei Zhou, Huaifeng Chen, Rui Zong, Ningning Song

SPARX is a family of ARX-based block ciphers designed according to the long-trail strategy, which has 32-bit ARX-based S-boxes and has provable bounds against single-differential and single-linear cryptanalysis. Since its proposal, some third-party cryptanalysis methods have been presented. As far as we know, the best attacks against SPARX-64 covered 16 (out of 24) rounds. In this paper, we propose zero-correlation linear attacks on SPARX-64. At first, we construct some new zero-correlation linear distinguishers covering 14-round and 15-round SPARX-64. Then, 15-, 16-, 17- and 18-round versions can be attacked using multidimensional or multiple zero-correlation linear attack models, under DKP (distinct known plaintext) settings. These are the best attacks against SPARX-64 up to now, regarding the number of attacked rounds. Finally, we transform the zero-correlation distinguishers into integral ones using existing methods, which are also longer than the ones proposed by the designers.


Radiotekhnika, 2021, pp. 5-15
Author(s): A.N. Alekseychuk

Differential-linear cryptanalysis of block ciphers was proposed in 1994. It turns out to be more efficient in comparison with (separately) differential and linear cryptanalytic methods, but its scientific substantiation remains the subject of further research. There are several publications devoted to formalization of differential-linear cryptanalysis and clarification of the conditions under which its complexity can be mathematically accurately assessed. However, the problem of the differential-linear cryptanalytic method substantiation remains completely unresolved. This paper presents first results obtained by the author in the direction of solving this problem. The class of differential-linear attacks on block ciphers is expanded. Namely, both distinguishing attacks and attacks aimed at recovering one bit of information about a key are considered. In this case, no assumptions are made (as in well-known publications) about the possibility of representing the cipher in the form of some two components. Lower bounds on the information complexity of these attacks are obtained. The expressions of these bounds depend on the averaged (over keys) values of the squares of the elements of the generalized autocorrelation table of the encryption transformation. In contrast to the known ones, the obtained bounds are not based on any heuristic assumptions about the investigated block ciphers and are valid for a wider class of attacks as compared to the traditional differential-linear attack. Relations between the differential, linear and differential-linear properties of bijective Boolean mappings are given. In contrast to the well-known works, the matrix form of the relations is used, which makes it possible to better clarify their essence and simplify the proofs. A new relation is derived for the elements of the generalized autocorrelation table of the encryption transformation of the product of two block ciphers, which may be useful in further research.


2020, Vol 53 (2), pp. 3527-3532
Author(s): Hanxiao Liu, Yuqing Ni, Lihua Xie, Karl Henrik Johansson

2019, Vol 2019, pp. 1-12
Author(s): Yu Liu, Xiaolei Liu, Yanmin Zhao

Lightweight block ciphers are designed to suit restricted environments, such as radio frequency identification technology or sensor networks, which are important components of the Internet of Things. NUX is a 31-round iterative ultralightweight cipher proposed by Bansod et al. In this paper, we examine the resistance of NUX to differential and linear analysis and search for 1- to 31-round differential characteristics and linear approximations. In the design specification, the authors claimed that 25-round NUX is resistant to differential and linear attacks. However, we can successfully perform a 29-round differential attack on NUX with the 22-round differential characteristic found in this paper, which is 4 rounds more than the limitation given by the authors. Furthermore, we present a key recovery attack on 22-round NUX using a 19-round linear approximation determined in this paper. Besides, a distinguishing attack, whose distinguisher is built utilizing the property of differential propagation through NUX, is implemented on full NUX with data complexity 8.

