Improved meet-in-the-middle attacks on reduced-round Piccolo

  • Ya Liu
  • Liang Cheng
  • Zhiqiang Liu
  • Wei Li
  • Qingju Wang
  • Dawu Gu
Research Paper

Abstract

Piccolo is a lightweight block cipher that adopts a generalized Feistel network structure with 4 branches, each of which is 16 bits long. The key length is 80 or 128 bits, denoted by Piccolo-80 and Piccolo-128, respectively. In this paper, we mounted meet-in-the-middle attacks on 14-round Piccolo-80 without pre- and post-whitening keys and 18-round Piccolo-128 with post-whitening keys by exploiting the properties of the key schedule and the Maximum Distance Separable (MDS) matrix. For Piccolo-80, we first constructed a 5-round distinguisher. Then 4 rounds and 5 rounds were appended at the beginning and at the end, respectively. Based on this structure, we mounted an attack on 14-round Piccolo-80 from the 5th round to the 18th round. The data, time, and memory complexities were $2^{52}$ chosen plaintexts, $2^{67.44}$ encryptions, and $2^{64.91}$ blocks, respectively. For Piccolo-128, we built a 7-round distinguisher to attack 18-round Piccolo-128 from the 4th round to the 21st round. The data, time, and memory complexities were $2^{52}$ chosen plaintexts, $2^{126.63}$ encryptions, and $2^{125.29}$ blocks, respectively. If not considering results on biclique cryptanalysis, these are currently the best public results on this reduced version of the Piccolo block cipher.

Keywords

block cipher, lightweight, Piccolo, meet-in-the-middle attack, distinguisher

Notes

Acknowledgements

This work was supported by National Natural Science Foundation of China (Grant Nos. 61402288, 61672347, 61772129, 61472250), National Basic Research Program of China (Grant No. 2013CB338004), Shanghai Natural Science Foundation (Grant Nos. 15ZR1400300, 16ZR1401100), Innovation Program of Shanghai Municipal Education Commission (Grant No. 14ZZ066), Opening Project of Shanghai Key Laboratory of Integrated Administration Technologies for Information Security (Grant No. AGK201703). The authors are grateful to Dr. Lei WANG and the reviewers for their valuable suggestions and comments.

Copyright information

© Science China Press and Springer-Verlag GmbH Germany, part of Springer Nature 2017

Authors and Affiliations

  • Ya Liu (1, 2, 3)
  • Liang Cheng (1)
  • Zhiqiang Liu (3, 2)
  • Wei Li (4, 5)
  • Qingju Wang (3, 6)
  • Dawu Gu (3)

  1. Department of Computer Science and Engineering, University of Shanghai for Science and Technology, Shanghai, China
  2. State Key Laboratory of Cryptology, Beijing, China
  3. Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China
  4. School of Computer Science and Technology, Donghua University, Shanghai, China
  5. Shanghai Key Laboratory of Integrated Administration Technologies for Information Security, Shanghai, China
  6. Department of Applied Mathematics and Computer Science, Technical University of Denmark, Kgs. Lyngby, Denmark
