Cryptanalysis of full PRIDE block cipher

Full-round attack on the PRIDE cipher

Abstract

PRIDE is a lightweight block cipher proposed at CRYPTO 2014 by Albrecht et al., who claimed that the construction of linear layers is efficient and secure. In this paper, we investigate the key schedule and find eight 2-round iterative related-key differential characteristics, which can be used to construct 18-round related-key differentials. A study of the first subkey derivation function reveals that there exist three weak-key classes, as a result of which all the differences of subkeys for each round are identical. For the weak-key classes, we also find eight 2-round iterative related-key differential characteristics. Based on one of the related-key differentials, we launch an attack on the full PRIDE block cipher. The data and time complexity are $2^{39}$ chosen plaintexts and $2^{92}$ encryptions, respectively. Moreover, by using multiple related-key differentials, we improve the cryptanalysis, which then requires $2^{41.6}$ chosen plaintexts and $2^{42.7}$ encryptions, respectively. Finally, we use two 17-round related-key differentials to analyze full PRIDE, which requires $2^{35}$ plaintexts and $2^{54.7}$ encryptions. These are the first results on full PRIDE, and show that the PRIDE block cipher is not secure against related-key differential attack.

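Highlights

PRIDE is a lightweight block cipher proposed at CRYPTO 2014. We study the key schedule of PRIDE and find eight 2-round iterative related-key differential characteristics. Examining the function g_r(1) further, we find three weak-key classes for which the differences of all round subkeys are equal, and for which there likewise exist eight 2-round iterative related-key differential characteristics. Using such characteristics, 17-round or 18-round related-key differential paths can be constructed. Based on one 18-round path, attacking full-round PRIDE requires $2^{39}$ chosen plaintexts and $2^{92}$ encryptions. Using multiple paths improves the efficiency of the attack, which then requires $2^{41.6}$ chosen plaintexts and $2^{42.7}$ encryptions. Finally, using two 17-round paths to attack full-round PRIDE requires $2^{35}$ chosen plaintexts and $2^{54.7}$ encryptions. These results are the first full-round attack on PRIDE and show that PRIDE is not sufficiently secure in the related-key model.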

References

  1. Bogdanov A, Knudsen L R, Leander G, et al. PRESENT: an ultra-lightweight block cipher. In: Proceedings of Cryptographic Hardware and Embedded Systems. Berlin/Heidelberg: Springer-Verlag, 2007. 450–466

  2. Knudsen L R, Leander G, Poschmann A, et al. PRINTcipher: a block cipher for IC printing. In: Proceedings of Cryptographic Hardware and Embedded Systems. Berlin/Heidelberg: Springer-Verlag, 2010. 16–32

  3. Guo L, Peyrin T, Poschmann A, et al. The LED block cipher. In: Proceedings of Cryptographic Hardware and Embedded Systems. Berlin/Heidelberg: Springer-Verlag, 2011. 326–341

  4. Wu W L, Zhang L. LBlock: a lightweight block cipher. In: Proceedings of Applied Cryptography and Network Security. Berlin/Heidelberg: Springer-Verlag, 2011. 327–344

  5. Borghoff J, Canteaut A, Güneysu T, et al. PRINCE–a low-latency block cipher for pervasive computing applications (extended abstract). In: Proceedings of ASIACRYPT. Berlin/Heidelberg: Springer-Verlag, 2012. 208–225

  6. Beaulieu R, Shors D, Smith J, et al. Performance of the SIMON and SPECK Family of Lightweight Block Ciphers. Technical Report, National Security Agency, 2014

  7. Albrecht M R, Driessen B, Kavun E B, et al. Block ciphers–focus on the linear layer (feat. PRIDE). In: Proceedings of CRYPTO. Berlin/Heidelberg: Springer-Verlag, 2014. 57–76

  8. Zhao J Y, Wang X Y, Wang M Q, et al. Differential analysis on block cipher PRIDE. Cryptology ePrint Archive, 2014, 2014: 525

  9. Yang Q Q, Hu L, Sun S W, et al. Improved differential analysis of block cipher PRIDE. In: Proceedings of ISPEC. Berlin/Heidelberg: Springer-Verlag, 2015. 209–219

  10. Dinur I. Cryptanalytic time-memory-data tradeoffs for FX-constructions with applications to PRINCE and PRIDE. In: Proceedings of EUROCRYPT. Berlin/Heidelberg: Springer-Verlag, 2015. 231–253

  11. Biham E. New types of cryptanalytic attacks using related keys. J Cryptology, 1994, 7: 229–246

  12. Biham E, Shamir A. Differential cryptanalysis of DES-like cryptosystems. J Cryptology, 1991, 4: 3–72

  13. Kelsey J, Schneier B, Wagner D. Key schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES. In: Proceedings of CRYPTO. Berlin/Heidelberg: Springer-Verlag, 1996. 237–251

  14. Biryukov A, Dunkelman O, Keller N, et al. Key recovery attacks of practical complexity on AES-256 variants with up to 10 rounds. In: Proceedings of EUROCRYPT. Berlin/Heidelberg: Springer-Verlag, 2010. 299–319

  15. Biryukov A, Khovratovich D. Related-key cryptanalysis of the full AES-192 and AES-256. In: Proceedings of ASIACRYPT. Berlin/Heidelberg: Springer-Verlag, 2009. 1–18

  16. Dunkelman O, Keller N, Shamir A. A practical-time related-key attack on the KASUMI cryptosystem used in GSM and 3G telephony. In: Proceedings of CRYPTO. Berlin/Heidelberg: Springer-Verlag, 2010. 393–410

  17. Huang J L, Lai X J. What is the effective key length for a block cipher: an attack on every practical block cipher. Sci China Inf Sci, 2014, 57: 072110

Author information

Correspondence to Yibin Dai.

About this article

Cite this article

Dai, Y., Chen, S. Cryptanalysis of full PRIDE block cipher. Sci. China Inf. Sci. 60, 052108 (2017). https://doi.org/10.1007/s11432-015-5487-3

Keywords

  • cryptanalysis
  • block cipher
  • PRIDE
  • iterative characteristics
  • related-key differential

Keywords

  • cryptanalysis
  • block cipher
  • PRIDE algorithm
  • iterative characteristics
  • related-key differential