Skip to main content

A generalized framework for accelerating exhaustive search utilizing deterministic related-key differential characteristics

Abstract

The deterministic related-key characteristic in DES can be used to accelerate the exhaustive search in the single-key setting even if an adversary cannot obtain the ciphertexts for arbitrary plaintexts in the related-key model. Inspired by this observation, it has become a common belief that if there exist \(2^m\) deterministic differential characteristics for a block cipher with the key size of k, they can be employed to decrease the security to \(k-m\) bits. The adversary should be able to efficiently partition the key space according to eliminated related keys in order to accelerate the exhaustive search. However, the conventional technique utilized to exploit one deterministic related-key differential characteristic is not extendable. Several deterministic related-key differential properties, regardless of the differences’ values cannot be exploited by applying this technique. In this paper, we describe a precise framework for utilizing several deterministic related-key differential distinguishers, which provides a general methodology to reduce the security of cryptographic primitives. It takes the advantage of deterministic related-key properties. We demonstrate our proposed framework can be used to evaluate the security of block ciphers by presenting straightforward applications of our framework on different variants of block ciphers. In particular, we present a new attack on the well-known FX and Even–Mansour constructions. The latter is quite simpler than the former.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3

References

  1. 1.

    Albrecht, M.R., Driessen, B., Kavun, E.B., Leander, G., Paar, C., Yalçin, T.: Block ciphers - focus on the linear layer (feat. PRIDE). In Garay, J.A., Gennaro, R. (eds.) Advances in Cryptology - CRYPTO 2014 - 34th Annual Cryptology Conference, Santa Barbara, CA, USA, August 17-21, 2014, Proceedings, Part I, volume 8616 of Lecture Notes in Computer Science, pp. 57–76. Springer, Berlin (2014)

  2. 2.

    Avanzi, R.: The QARMA block cipher family almost MDS matrices over rings with zero divisors, nearly symmetric even-mansour constructions with non-involutory central rounds, and search heuristics for low-latency s-boxes. IACR Trans. Symmetric Cryptol. 2017(1), 4–44 (2017)

    Article  Google Scholar 

  3. 3.

    Banik, S., Bogdanov, A., Isobe, T., Shibutani, K., Hiwatari, H., Akishita, T., Regazzoni, F.M.: A block cipher for low energy. In Iwata, T., Cheon, J.H. (eds.) Advances in Cryptology - ASIACRYPT 2015 - 21st International Conference on the Theory and Application of Cryptology and Information Security, Auckland, New Zealand, November 29 - December 3, 2015, Proceedings, Part II, volume 9453 of Lecture Notes in Computer Science, pp. 411–436. Springer, Berlin (2015)

  4. 4.

    Borghoff, J., Canteaut, A., Güneysu, T., Kavun, E.B., Knezevic, M., Knudsen, L.R., Leander, G., Nikov, V., Paar, C., Rechberger, C., Rombouts, P., Thomsen, S.S., Yalçin, T.: PRINCE - A Low-Latency Block Cipher for Pervasive Computing Applications - Extended Abstract. In Wang, X., Sako, K. (eds.) ASIACRYPT 2012, volume 7658 of LNCS, pp. 208–225. Springer, Berlin (2012)

  5. 5.

    Bozilov, D., Eichlseder, M., Knezevic, M., Lambin, B., Leander, G., Moos, T., Nikov, V., Rasoolzadeh, S., Todo, Y., Wiemer, F.: Princev2 - more security for (almost) no overhead. IACR Cryptol. ePrint Arch., 2020:1269, (2020)

  6. 6.

    Bernstein, D.J.: Related-key Attacks: Who Cares? eSTREAM discussion forum (2005). http://www.ecrypt.eu.org/stream/phorum/

  7. 7.

    Biham, E.: New types of cryptanalytic attacks using related keys. J. Cryptol. 7(4), 229–246 (1994)

    Article  Google Scholar 

  8. 8.

    Biryukov, A., Khovratovich, D.: Related-key cryptanalysis of the full AES-192 and AES-256. In Matsui, M. (ed.) Advances in Cryptology - ASIACRYPT 2009, 15th International Conference on the Theory and Application of Cryptology and Information Security, Tokyo, Japan, December 6–10, 2009. Proceedings, volume 5912 of Lecture Notes in Computer Science, pp. 1–18. Springer, Berlin (2009)

  9. 9.

    Biryukov, A., Khovratovich, D., Nikolic, I.: Distinguisher and related-key attack on the full AES-256. In Halevi, S. (ed.) Advances in Cryptology - CRYPTO 2009, 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16–20, 2009. Proceedings, volume 5677 of Lecture Notes in Computer Science, pp. 231–249. Springer, Berlin (2009)

  10. 10.

    Brown, L., Kwan, M., Pieprzyk, J., Seberry, J.: Improving Resistance to Differential Cryptanalysis and the Redesign of LOKI. In Imai, H., Rivest, R.L., Matsumoto, T. (eds.) ASIACRYPT 1991, volume 739 of LNCS, pp. 36–50. Springer, Berlin (1991)

  11. 11.

    Beierle, C., Leander, G., Moradi, A., Rasoolzadeh, S.: CRAFT: lightweight tweakable block cipher with efficient protection against DFA attacks. IACR Trans. Symmetric Cryptol. 2019(1), 5–45 (2019)

    Article  Google Scholar 

  12. 12.

    Biham, E., Shamir, A.: Differential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer. In Feigenbaum, J. (ed.) CRYPTO, volume 576 of LNCS, pp. 156–171. Springer, Berlin (1991)

  13. 13.

    Biryukov, A., Wagner, D.: Advanced Slide Attacks. In Preneel, B., (eds.) EUROCRYPT 2000, volume 1807 of LNCS, pp. 589–606. Springer, Berlin (2000)

  14. 14.

    Daemen, J.: Limitations of the even-mansour construction. In Imai, H., Rivest, R.L., Matsumoto, T. (eds.) Advances in Cryptology - ASIACRYPT ’91, International Conference on the Theory and Applications of Cryptology, Fujiyoshida, Japan, November 11-14, 1991, Proceedings, volume 739 of Lecture Notes in Computer Science, pp. 495–498. Springer, Berlin (1991)

  15. 15.

    Dobraunig, C., Eichlseder, M., Grassi, L., Lallemand, V., Leander, G., List, E., Mendel, F., Rechberger, C.: Rasta: A cipher with low anddepth and few ands per bit. In Shacham, H., Boldyreva, A. (eds.) Advances in Cryptology - CRYPTO 2018 - 38th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19–23, 2018, Proceedings, Part I, volume 10991 of Lecture Notes in Computer Science, pp. 662–692. Springer, Berlin (2018)

  16. 16.

    Dinur, I.: Cryptanalytic time-memory-data tradeoffs for fx-constructions with applications to PRINCE and PRIDE. In Oswald, E., Fischlin, M. (eds.) Advances in Cryptology - EUROCRYPT 2015 - 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part I, volume 9056 of Lecture Notes in Computer Science, pp. 231–253. Springer, Berlin (2015)

  17. 17.

    Dinur, I.: Cryptanalytic time-memory-data trade-offs for fx-constructions and the affine equivalence problem. J. Cryptol. 33(3), 874–909 (2020)

    MathSciNet  Article  Google Scholar 

  18. 18.

    Dunkelman, O., Keller, N., Shamir, A.: Minimalism in cryptography: The even-mansour scheme revisited. In Pointcheval, D. Johansson, T. (eds.) Advances in Cryptology - EUROCRYPT 2012 - 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cambridge, UK, April 15–19, 2012. Proceedings, volume 7237 of Lecture Notes in Computer Science, pp. 336–354. Springer, Berlin (2012)

  19. 19.

    Dunkelman, O., Keller, N., Shamir, A.: Slidex attacks on the even-mansour encryption scheme. J. Cryptol. 28(1), 1–28 (2015)

    MathSciNet  Article  Google Scholar 

  20. 20.

    Dobraunig, C., Moazami, F., Rechberger, C., Soleimany, H.: Framework for faster key search using related-key higher-order differential properties: applications to agrasta. IET Inf. Secur. 14(2), 202–209 (2020)

    Article  Google Scholar 

  21. 21.

    Daemen, J., Rijmen, V.: The design of Rijndael: AES - the advanced encryption standard. In Information Security and Cryptography. Springer, Berlin (2002)

    Book  Google Scholar 

  22. 22.

    Even, S., Mansour, Y.: A Construction of a Cipher From a Single Pseudorandom Permutation. In Imai, H., Rivest, R.L., Matsumoto, T. (eds.) ASIACRYPT, volume 739 of LNCS, pp. 210–224. Springer, Berlin (1991)

  23. 23.

    Gérard, B., Grosso, V., Naya-Plasencia, M., Standaert, F.-X.: Block ciphers that are easier to mask: How far can we go? In Bertoni, G., Coron, J.-S. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2013 - 15th International Workshop, Santa Barbara, CA, USA, August 20–23, 2013. Proceedings, volume 8086 of Lecture Notes in Computer Science, pp. 383–399. Springer, Berlin (2013)

  24. 24.

    Gérard, B., Grosso, V., Naya-Plasencia, M., Standaert, F.-X.: Block ciphers that are easier to mask: How far can we go? IACR Cryptol. ePrint Arch. 2013, 369 (2013)

  25. 25.

    Knudsen, L.R.: Cryptanalysis of LOKI91. In Seberry, J., Zheng, Y. (eds.) AUSCRYPT, volume 718 of LNCS, pp. 196–208. Springer, Berlin (1992)

  26. 26.

    Käsper, E., Rijmen, V., Bjørstad, T.E., Rechberger, C., Robshaw, M.J.B., Sekar, G.: Correlated keystreams in moustique. In Vaudenay, S. (ed.), AFRICACRYPT, volume 5023 of LNCS, pp. 246–257. Springer, Berlin (2008)

  27. 27.

    Soleimany, H.: Self-similarity cryptanalysis of the block cipher itubee. IET Inf. Secur. 9(3), 179–184 (2015)

    MathSciNet  Article  Google Scholar 

Download references

Author information

Affiliations

Authors

Corresponding author

Correspondence to Hadi Soleimany.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Soleimany, H., Moazami, F. A generalized framework for accelerating exhaustive search utilizing deterministic related-key differential characteristics. J Comput Virol Hack Tech (2021). https://doi.org/10.1007/s11416-021-00401-2

Download citation

Keywords

  • Block cipher
  • Cryptanalysis
  • Related-key model
  • Single-key model