Conditional Differential Cryptanalysis of Trivium and KATAN

  • Simon Knellwolf
  • Willi Meier
  • María Naya-Plasencia
Conference paper

DOI: 10.1007/978-3-642-28496-0_12

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7118)
Cite this paper as:
Knellwolf S., Meier W., Naya-Plasencia M. (2012) Conditional Differential Cryptanalysis of Trivium and KATAN. In: Miri A., Vaudenay S. (eds) Selected Areas in Cryptography. SAC 2011. Lecture Notes in Computer Science, vol 7118. Springer, Berlin, Heidelberg

Abstract

The concept of conditional differential cryptanalysis has been applied to NLFSR-based cryptosystems at ASIACRYPT 2010. We improve the technique by using automatic tools to find and analyze the involved conditions. Using these improvements we cryptanalyze the stream cipher Trivium and the KATAN family of lightweight block ciphers. For both ciphers we obtain new cryptanalytic results. For reduced variants of Trivium we obtain a class of weak keys that can be practically distinguished up to 961 of 1152 rounds. For the KATAN family we focus on its security in the related-key scenario and obtain practical key-recovery attacks for 120, 103 and 90 of 254 rounds of KATAN32, KATAN48 and KATAN64, respectively.

Keywords

Trivium, KATAN, conditional differential cryptanalysis

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Simon Knellwolf (1)
  • Willi Meier (1)
  • María Naya-Plasencia (1)
  1. FHNW, Switzerland
