Advertisement

New observation on the key schedule of RECTANGLE

  • Hailun Yan
  • Yiyuan Luo
  • Mo Chen
  • Xuejia LaiEmail author
Research Paper
  • 5 Downloads

Abstract

We evaluate the security of RECTANGLE from the perspective of actual key information (AKI). Insufficient AKI permits the attackers to deduce some subkey bits from some other subkey bits, thereby lowering the overall attack complexity or getting more attacked rounds. By considering the interaction between the key schedule’s diffusion and the round function’s diffusion, we find there exists AKI insufficiency in 4 consecutive rounds for RECTANGLE-80 and 6 consecutive rounds for RECTANGLE-128, although the master key bits achieve complete diffusion in 2 and 4 rounds, respectively. With such weakness of the key schedule, we give a generic meet-in-the-middle attack on 12-round reduced RECTANGLE-128 with only 8 known plaintexts. Moreover, we calculate AKI of variants of RECTANGLE as well as PRESENT. Surprisingly we find that both RECTANGLE-128 and PRESENT-128 with no key schedule involve more AKI than the original one. Based on this finding, we slightly modify the key schedule of RECTANGLE-128. Compared with the original one, this new key schedule matches better with the round function in terms of maximizing AKI. Our work adds more insight to the design of block ciphers’ key schedule.

Keywords

lightweight block cipher RECTANGLE key schedule round function diffusion 

Notes

Acknowledgements

This work was supported by National Natural Science Foundation of China (Grant Nos. 61702331, 61472251, 61402280, U1536101), China Postdoctoral Science Foundation (Grant No. 2017M621471), National Cryptography Development Fund (Grant No. MMJJ20170105), and Science and Technology on Communication Security Laboratory.

References

  1. 1.
    Bogdanov A, Knudsen L R, Leander G, et al. PRESENT: an ultra-lightweight block cipher. In: Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems. Berlin: Springer, 2007. 450–466Google Scholar
  2. 2.
    Guo J, Peyrin T, Poschmann A. The LED block cipher. In: Proceedings of Cryptographic Hardware and Embedded Systems-CHES 2011, 2011CrossRefzbMATHGoogle Scholar
  3. 3.
    Banik S, Bogdanov A, Isobe T, et al. Midori: a block cipher for low energy. In: Proceedings of International Conference on the Theory and Application of Cryptology and Information Security. Berlin: Springer, 2014. 411–436Google Scholar
  4. 4.
    Beierle C, Jean J, Kölbl S, et al. The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Proceedings of Annual Cryptology Conference. Berlin: Springer, 2016. 123–153Google Scholar
  5. 5.
    Avanzi R. The QARMA block cipher family. IACR Trans Symmetric Cryptol, 2017, 2017: 4–44Google Scholar
  6. 6.
    Banik S, Pandey S K, Peyrin T, et al. GIFT: a small PRESENT. In: Proceedings of International Conference on Cryptographic Hardware and Embedded Systems. Berlin: Springer, 2017. 321–345Google Scholar
  7. 7.
    Beaulieu R, Treatman-Clark S, Shors D, et al. The SIMON and SPECK lightweight block ciphers. In: Proceedings of the 52nd ACM/EDAC/IEEE Design Automation Conference (DAC), 2015. 1–6Google Scholar
  8. 8.
    Wu W, Zhang L. LBlock: a lightweight block cipher. In: Proceedings of International Conference on Applied Cryptography and Network Security. Berlin: Springer, 2011. 327–344CrossRefGoogle Scholar
  9. 9.
    Suzaki T, Minematsu K, Morioka S, et al. TWINE: a lightweight block cipher for multiple platforms. In: Proceedings of International Conference on Selected Areas in Cryptography. Berlin: Springer, 2012. 339–354Google Scholar
  10. 10.
    Hong D, Sung J, Hong S, et al. HIGHT: a new block cipher suitable for low-resource device. In: Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems. Berlin: Springer, 2006. 46–59Google Scholar
  11. 11.
    Needham R M, Wheeler D J. Tea Extensions. Technical Report. Cambridge: Cambridge University, 1997Google Scholar
  12. 12.
    Knudsen L, Leander G, Poschmann A, et al. PRINTcipher: a block cipher for IC-printing. In: Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems. Berlin: Springer, 2010. 16–32Google Scholar
  13. 13.
    Diffie W, Hellman M E. Special feature exhaustive cryptanalysis of the NBS data encryption standard. Computer, 1977, 10: 74–84CrossRefGoogle Scholar
  14. 14.
    Huang J, Lai X. Revisiting key schedule’s diffusion in relation with round function’s diffusion. Des Codes Cryptogr, 2014, 73: 85–103MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Huang J, Vaudenay S, Lai X. On the key schedule of lightweight block ciphers. In: Proceedings of International Conference in Cryptology in India. Berlin: Springer, 2014. 124–142Google Scholar
  16. 16.
    Lin L, Wu W, Zheng Y. Automatic search for key-bridging technique: applications to LBlock and TWINE. In: Proceedings of International Conference on Fast Software Encryption. Berlin: Springer, 2016. 247–267CrossRefGoogle Scholar
  17. 17.
    Dunkelman O, Keller N, Shamir A. Improved single-key attacks on 8-round AES-192 and AES-256. In: Proceedings of International Conference on the Theory and Application of Cryptology and Information Security. Berlin: Springer, 2010. 158–176Google Scholar
  18. 18.
    Zhang W T, Bao Z Z, Lin D D, et al. RECTANGLE: a bit-slice lightweight block cipher suitable for multiple platforms. Sci China Inf Sci, 2015, 58: 1–15Google Scholar
  19. 19.
    Biham E, Shamir A. Differential cryptanalysis of DES-like cryptosystems. J Cryptology, 1991, 4: 3–72MathSciNetCrossRefzbMATHGoogle Scholar
  20. 20.
    Biham E, Biryukov A, Shamir A. Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials. In: Proceedings of International Conference on the Theory and Applications of Cryptographic Techniques. Berlin: Springer, 1999. 12–23Google Scholar
  21. 21.
    Matsui M. Linear cryptanalysis method for DES cipher. In: Proceedings of Workshop on the Theory and Application of of Cryptographic Techniques. Berlin: Springer, 1993. 386–397Google Scholar
  22. 22.
    Daemen J, Knudsen L, Rijmen V. The block cipher Square. In: Proceedings of International Workshop on Fast Software Encryption. Berlin: Springer, 1997. 149–165CrossRefGoogle Scholar
  23. 23.
    Knudsen L,Wagner D. Integral cryptanalysis. In: Proceedings of International Workshop on Fast Software Encryption. Berlin: Springer, 2002. 112–127CrossRefGoogle Scholar
  24. 24.
    Collard B, Standaert F X. A statistical saturation attack against the block cipher PRESENT. In: Proceedings of Cryptographers’ Track at the RSA Conference. Berlin: Springer, 2009. 195–210Google Scholar
  25. 25.
    Shan J Y, Hu L, Song L, et al. Related-key differential attack on 19-round reduced RECTANGLE-80 (in Chinese). J Cryptologic Reseatch, 2015, 2: 54–65Google Scholar
  26. 26.
    Kosuge H, Tanaka H, Iwai K, et al. Integral attack on reduced-round Rectangle. In: Proceedings of IEEE 2nd International Conference on Cyber Security and Cloud Computing (CSCloud), 2015. 68–73Google Scholar
  27. 27.
    Sun L, Wang M Q. Toward a further understanding of bit-based division property. Sci China Inf Sci, 2017, 60: 128101MathSciNetCrossRefGoogle Scholar
  28. 28.
    Xiang Z, Zhang W, Bao Z, et al. Applying MILP method to searching integral distinguishers based on division property for 6 lightweight block ciphers. In: Proceedings of International Conference on the Theory and Application of Cryptology and Information Security. Berlin: Springer, 2016. 648–678Google Scholar
  29. 29.
    Sasaki Y, Todo Y. New impossible differential search tool from design and cryptanalysis aspects. In: Proceedings of Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin: Springer, 2017. 185–215Google Scholar
  30. 30.
    Zhang W, Bao Z, Rijmen V, et al. A new classification of 4-bit optimal s-boxes and its application to PRESENT, RECTANGLE and SPONGENT. In: Proceedings of International Workshop on Fast Software Encryption. Berlin: Springer, 2015. 494–515CrossRefGoogle Scholar
  31. 31.
    Stoffelen K. Optimizing s-box implementations for several criteria using SAT solvers. In: Proceedings of International Conference on Fast Software Encryption. Berlin: Springer, 2016. 140–160CrossRefGoogle Scholar
  32. 32.
    Bao Z, Luo P, Lin D. Bitsliced implementations of the PRINCE, LED and RECTANGLE block ciphers on AVR 8-bit microcontrollers. In: Proceedings of International Conference on Information and Communications Security. Berlin: Springer, 2015. 18–36Google Scholar
  33. 33.
    Maene P, Verbauwhede I. Single-cycle implementations of block ciphers. In: Proceedings of International Workshop on Lightweight Cryptography for Security and Privacy. Berlin: Springer, 2015. 131–147Google Scholar
  34. 34.
    Feizi S, Nemati A, Ahmadi A, et al. A high-speed FPGA implementation of a Bit-slice Ultra-Lightweight block cipher, RECTANGLE. In: Proceedings of the 5th International Conference on Computer and Knowledge Engineering (ICCKE), 2015. 206–211Google Scholar
  35. 35.
    Biryukov A, Derbez P, Perrin L. Differential analysis and meet-in-the-middle attack against round-reduced TWINE. In: Proceedings of International Workshop on Fast Software Encryption. Berlin: Springer, 2015. 3–27CrossRefGoogle Scholar
  36. 36.
    Bouillaguet C, Derbez P, Fouque P A. Automatic search of attacks on round-reduced AES and applications. In: Proceedings of Annual Cryptology Conference. Berlin: Springer, 2011. 169–187Google Scholar

Copyright information

© Science China Press and Springer-Verlag GmbH Germany, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Department of Computer Science and EngineeringShanghai Jiao Tong UniversityShanghaiChina
  2. 2.School of Electronics and InformationShanghai Dianji UniversityShanghaiChina
  3. 3.Westone Cryptologic Research CenterBeijingChina

Personalised recommendations