Key recovery attack for PRESENT using slender-set linear cryptanalysis

Slender-set linear key recovery attack on the PRESENT cipher

Abstract

In this paper, we propose a new n-round key recovery attack using modified slender-set linear cryptanalysis on PRESENT-like ciphers with public S-boxes. In our attack, an effective method for distinguishing the right key from the wrong ones is presented. We apply our attack to PRESENT-80. The experiments show that we can recover the entire 80 key bits of 12-round PRESENT-80 with 2^32 data complexity, 2^36 time complexity, and negligible memory complexity. Furthermore, we investigate an (n+1)-round attack by extending the n-round key recovery attack. Our method can be used in most PRESENT-like ciphers where the linear layer is a bit-wise permutation.

Abstract (Chinese version)

Highlights

In this paper, using the slender-set linear cryptanalysis method, we present a new n-round key recovery attack on PRESENT-like ciphers with public S-boxes, and mount a practical attack on reduced-round PRESENT-80. The results show that we can recover all 80 key bits of 12-round PRESENT with 2^32 data complexity, 2^36 time complexity, and negligible memory complexity. Building on the n-round key recovery attack, we further give an (n+1)-round key recovery attack. The method is effective against PRESENT-like ciphers whose linear layer is designed as a bit permutation.



Author information

Corresponding author

Correspondence to Guoqiang Liu.


Cite this article

Liu, G., Jin, C. & Kong, Z. Key recovery attack for PRESENT using slender-set linear cryptanalysis. Sci. China Inf. Sci. 59, 32110 (2016). https://doi.org/10.1007/s11432-015-5295-9


Keywords

  • block cipher
  • linear cryptanalysis
  • slender-set
  • PRESENT cipher
  • S-box