Advances in Cryptology – CRYPTO 2011

Volume 6841 of the series Lecture Notes in Computer Science pp 206-221

A Cryptanalysis of PRINTcipher: The Invariant Subspace Attack

  • Gregor LeanderAffiliated withTechnical University of Denmark
  • , Mohamed Ahmed AbdelraheemAffiliated withTechnical University of Denmark
  • , Hoda AlKhzaimiAffiliated withTechnical University of Denmark
  • , Erik ZennerAffiliated withTechnical University of Denmark


At CHES 2010, the new block cipher PRINTcipher was presented as a light-weight encryption solution for printable circuits [15]. The best attack to date is a differential attack [1] that breaks less than half of the rounds. In this paper, we will present a new attack called invariant subspace attack that breaks the full cipher for a significant fraction of its keys. This attack can be seen as a weak-key variant of a statistical saturation attack. For such weak keys, a chosen plaintext distinguishing attack can be mounted in unit time. In addition to breaking PRINTcipher, the new attack also gives us new insights into other, more well-established attacks. We derive a truncated differential characteristic with a round-independent but highly key-dependent probability. In addition, we also show that for weak keys, strongly biased linear approximations exists for any number of rounds. In this sense, PRINTcipher behaves very differently to what is usually – often implicitly – assumed.


Symmetric cryptography block cipher invariant subspace attack truncated differentials linear cryptanalysis statistical saturation attack