
Key recovery attack for PRESENT using slender-set linear cryptanalysis

Slender-set linear key recovery attack on the PRESENT cipher

Abstract

In this paper, we propose a new n-round key recovery attack using modified slender-set linear cryptanalysis on PRESENT-like ciphers with public S-boxes. In our attack, an effective method for distinguishing the right key from the wrong ones is presented. We apply our attack to PRESENT-80. The experiments show that we can recover the entire 80 key bits of 12-round PRESENT-80 with 2^32 data complexity, 2^36 time complexity, and negligible memory complexity. Furthermore, we investigate an (n+1)-round attack by extending the n-round key recovery attack. Our method can be used in most PRESENT-like ciphers where the linear layer is a bit-wise permutation.

Abstract (Chinese)

Key contributions

Using the slender-set linear cryptanalysis method, this paper gives a new n-round key recovery attack on PRESENT-like ciphers with public S-boxes, and mounts a practical attack on reduced-round PRESENT-80. The results show that we can recover all 80 key bits of 12-round PRESENT with 2^32 data complexity, 2^36 time complexity and negligible memory complexity. Building on the n-round key recovery attack, we further give an (n+1)-round key recovery attack. The attack method is effective against every PRESENT-like cipher whose linear layer is designed as a bit permutation.
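As an added illustration for the two abstracts above (this is not code from the paper or its authors), the following computes the linear approximation table of the public PRESENT S-box, whose entries are the biases that any linear cryptanalysis of PRESENT starts from, together with the bit-permutation linear layer that the abstracts name as the precondition for the attack. The S-box and permutation follow PRESENT's published specification; the function names are my own.

```python
# Added example (not from the paper): linear approximation table (LAT) of the
# public PRESENT S-box, plus the PRESENT bit permutation (pLayer).
# A public S-box is exactly what lets an analyst tabulate these biases.

PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def parity(v: int) -> int:
    """XOR of all bits of a non-negative integer (0 or 1)."""
    return bin(v).count("1") & 1


def lat(sbox):
    """LAT[a][b] = #{x : a.x == b.S(x)} - 8, each entry in [-8, 8].
    entry / 16 is the bias of the approximation a.x ^ b.S(x) = 0."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for a in range(n):
        for b in range(n):
            agree = sum(1 for x in range(n)
                        if parity(a & x) == parity(b & sbox[x]))
            table[a][b] = agree - n // 2
    return table


def max_abs_bias(sbox) -> float:
    """Largest |bias| over all approximations with a non-zero output mask."""
    t = lat(sbox)
    n = len(sbox)
    return max(abs(t[a][b]) for a in range(n) for b in range(1, n)) / n


def present_perm(i: int) -> int:
    """PRESENT pLayer: state bit i moves to position P(i) = 16*i mod 63."""
    return 63 if i == 63 else (16 * i) % 63


def apply_perm(state: int) -> int:
    """Apply the pLayer to a 64-bit state held as an int (bit 0 = LSB)."""
    out = 0
    for i in range(64):
        if (state >> i) & 1:
            out |= 1 << present_perm(i)
    return out
```

The maximum bias of 1/4 reflects that the PRESENT S-box is an optimal 4-bit S-box, and the permutation has order 3 because 16^3 is 1 modulo 63.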



Author information

Correspondence to Guoqiang Liu.


About this article


Cite this article

Liu, G., Jin, C. & Kong, Z. Key recovery attack for PRESENT using slender-set linear cryptanalysis. Sci. China Inf. Sci. 59, 32110 (2016). https://doi.org/10.1007/s11432-015-5295-9


Keywords

  • block cipher
  • linear cryptanalysis
  • slender-set
  • PRESENT cipher
  • S-box

Keywords (Chinese)

  • block cipher
  • linear cryptanalysis
  • slender set
  • PRESENT cipher
  • S-box