Multidimensional meet-in-the-middle attack and its applications to KATAN32/48/64

Published in: Cryptography and Communications

Abstract

This paper investigates a new framework to analyze symmetric ciphers by guessing intermediate states and dividing algorithms into consecutive sub-ciphers. It is suitable for lightweight ciphers with simple key schedules and block sizes smaller than key lengths. New attacks on the block cipher family KATAN are proposed by adopting this framework. Our new attacks can recover the master keys of 175-round KATAN32, 130-round KATAN48 and 112-round KATAN64 faster than exhaustive search, and thus reach many more rounds than previous attacks. We also provide new attacks on 115-round KATAN32 and 100-round KATAN48 in order to demonstrate that this new kind of attack can be more time-efficient and memory-efficient than existing attacks.
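As an added worked example that is not code from the paper: a constructed toy 8-bit cipher with a 24-bit key split across three consecutive sub-ciphers is attacked in two dimensions, by enumerating the intermediate state after sub-cipher 1 and running an ordinary meet-in-the-middle across sub-ciphers 2 and 3, at roughly 2^17 sub-cipher evaluations instead of the 2^24 of exhaustive search. The S-box, round constants, key and plaintext/ciphertext pairs are all assumptions of the example.

```python
import random

# Constructed toy cipher, not KATAN: 8-bit block, 24-bit key split into three
# independent 8-bit sub-keys, one per sub-cipher (block size < key length, as in
# the lightweight ciphers the framework targets).
_rng = random.Random(2014)
SBOX = list(range(256))
_rng.shuffle(SBOX)                      # fixed random 8-bit permutation
SBOX_INV = [0] * 256
for _i, _s in enumerate(SBOX):
    SBOX_INV[_s] = _i
RC = (0x11, 0x53, 0xC6)                 # round constants distinguishing the sub-ciphers

def sub_enc(i, k, x):
    return SBOX[x ^ k] ^ RC[i]

def sub_dec(i, k, y):
    return SBOX_INV[y ^ RC[i]] ^ k

def encrypt(key, p):
    k1, k2, k3 = (key >> 16) & 0xFF, (key >> 8) & 0xFF, key & 0xFF
    return sub_enc(2, k3, sub_enc(1, k2, sub_enc(0, k1, p)))

def md_mitm(pairs):
    """Multidimensional MITM on the toy cipher. Returns (master-key candidates
    consistent with every pair, sub-cipher evaluations in the MITM phase;
    filtering of survivors is not counted)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    work, found = 0, []
    for v1 in range(256):                       # dimension 1: guess state after sub-cipher 1
        k1 = SBOX_INV[v1 ^ RC[0]] ^ p0          # sub-cipher 1 alone fixes k1 for this guess
        work += 1
        fwd = {}                                # dimension 2: plain MITM over sub-ciphers 2 and 3
        for k2 in range(256):
            fwd.setdefault(sub_enc(1, k2, v1), []).append(k2)
        work += 256
        for k3 in range(256):
            v2 = sub_dec(2, k3, c0)
            work += 1
            for k2 in fwd.get(v2, ()):
                key = (k1 << 16) | (k2 << 8) | k3
                if all(encrypt(key, p) == c for p, c in rest):   # filter with the remaining pairs
                    found.append(key)
    return found, work

# Constructed known-plaintext data: one pair drives the attack, three more filter the 2^16 survivors.
KEY = 0xA35C17
PAIRS = [(p, encrypt(KEY, p)) for p in (0x00, 0x3D, 0x91, 0xE6)]

def recover():
    return md_mitm(PAIRS)
```

The memory cost is one 256-entry table at a time, which is the point of guessing the intermediate state rather than tabulating the whole 2^24 key space.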




Acknowledgments

The authors would like to thank Claude Carlet, Itai Dinur, Xinxin Fan, Yin Tan, and anonymous reviewers for helpful comments. This work is supported by NSERC Discovery Grant and ORF Grant.

Author information

Corresponding author

Correspondence to Bo Zhu.

Appendix A: Parameters for the KATAN family of block ciphers

The parameters for the nonlinear functions (2) are given in Table 2. The irregular update sequence (IR) is listed in Table 3.

Table 2 Parameters for KATAN
Table 3 Irregular Update Sequence (IR) for KATAN

Appendix B: Partial matching details of the attacks on KATAN48/64

The detailed computation steps of partial matching used in the second MITM part of the attack on KATAN48 are listed as follows.

figure b

The steps of partial matching for the first MITM part of the attack on KATAN64 are listed as follows.

figure c

About this article

Cite this article

Zhu, B., Gong, G. Multidimensional meet-in-the-middle attack and its applications to KATAN32/48/64. Cryptogr. Commun. 6, 313–333 (2014). https://doi.org/10.1007/s12095-014-0102-9
