Abstract
This paper considers PRESENT-like ciphers with key-dependent S-boxes. We focus on the setting where the same selection of S-boxes is used in every round. One particular variant with 16 rounds, proposed in 2009, is broken in practice in a chosen plaintext/chosen ciphertext scenario. Extrapolating these results suggests that up to 28 rounds of such ciphers can be broken. Furthermore, we outline how our attack strategy can be applied to an extreme case where the S-boxes are chosen uniformly at random for each round, and where the bit permutation is key-dependent as well.
Communicated by Willi Meier
Cite this article
Borghoff, J., Knudsen, L.R., Leander, G. et al. Slender-Set Differential Cryptanalysis. J Cryptol 26, 11–38 (2013). https://doi.org/10.1007/s00145-011-9111-4
DOI: https://doi.org/10.1007/s00145-011-9111-4