Related-Key Differential Cryptanalysis of Full Round CRAFT

  • Muhammad ElSheikh
  • Amr M. YoussefEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11947)


CRAFT is a lightweight tweakable block cipher introduced in FSE 2019. One of the main design criteria of CRAFT is the efficient protection of its implementations against differential fault analysis. While the authors of CRAFT provide several cryptanalysis results in several attack models, they do not claim any security of CRAFT against related-key differential attacks. In this paper, we utilize the simple key schedule of CRAFT to propose a systematic method for constructing several repeatable 2-round related-key differential characteristics with probability \(2^{-2}\). We then employ one of these characteristics to mount a key recovery attack on full-round CRAFT using \(2^{31}\) queries to the encryption oracle and \(2^{85}\) encryptions, and \(2^{41}\) 64-bit blocks of memory.. Additionally, we manage to use 8 related-key differential distinguishers, with 8 related-key differences, in order to mount a key recovery attack on the full-round cipher with \(2^{35.17}\) queries to the encryption oracle, \(2^{32}\) encryptions and about \(2^6\) 64-bit blocks of memory. Furthermore, we present another attack that recovers the whole master key with \(2^{36.09}\) queries to the encryption oracle and only 11 encryptions with \(2^7\) blocks of memory using 16 related-key differential distinguishers.


  1. 1.
    Banik, S., Pandey, S.K., Peyrin, T., Sasaki, Y., Sim, S.M., Todo, Y.: GIFT: a small present. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 321–345. Springer, Cham (2017). Scholar
  2. 2.
    Beaulieu, R., Treatman-Clark, S., Shors, D., Weeks, B., Smith, J., Wingers, L.: The SIMON and SPECK lightweight block ciphers. In: 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC), pp. 1–6 (2015)Google Scholar
  3. 3.
    Beierle, C., et al.: The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part II. LNCS, vol. 9815, pp. 123–153. Springer, Heidelberg (2016). Scholar
  4. 4.
    Beierle, C., Leander, G., Moradi, A., Rasoolzadeh, S.: CRAFT: lightweight tweakable block cipher with efficient protection against DFA attacks. IACR Trans. Symmetric Cryptol. 2019(1), 5–45 (2019). Scholar
  5. 5.
    Biham, E.: New types of cryptanalytic attacks using related keys. J. Cryptol. 7(4), 229–246 (1994)CrossRefGoogle Scholar
  6. 6.
    Biham, E., Shamir, A.: Differential Cryptanalysis of the Data Encryption Standard. Springer, New York (1993)CrossRefGoogle Scholar
  7. 7.
    Bogdanov, A., et al.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). Scholar
  8. 8.
    Hadipour, H., Sadeghi, S., Niknam, M.M., Bagheri, N.: Comprehensive security analysis of CRAFT. Cryptology ePrint Archive, Report 2019/741 (2019).
  9. 9.
    Selçuk, A.A.: On probability of success in linear and differential cryptanalysis. J. Cryptol. 21(1), 131–147 (2008)MathSciNetCrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Concordia Institute for Information Systems EngineeringConcordia UniversityMontréalCanada

Personalised recommendations