Bitwise Partial-Sum on HIGHT: A New Tool for Integral Analysis Against ARX Designs

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8565)


In this paper, we present a new cryptanalytic tool that can reduce the complexity of integral analysis against Addition-Rotation-XOR (ARX) based designs. Our technique is based on the partial-sum technique proposed by Ferguson et al. at FSE 2000, which guesses subkeys byte to byte in turn, and the data to be analyzed is compressed for each key guess. In this paper, the technique is extended to ARX based designs. Subkeys are guessed in bitwise, and the data is compressed with respect to the sum of the guessed bit position and carry values to the next bit position. We call the technique bitwise partial-sum. We demonstrate this technique by applying it to reduced-round HIGHT, which is one of the ISO standard ciphers. Another contribution is an independent improvement specific to HIGHT which exploits more linearity inside the round function. Together with the bitwise partial-sum, the integral analysis on HIGHT is extended from previous 22 rounds to 26 rounds.


Integral analysis Partial-sum Bitwise partial-sum HIGHT 


  1. 1.
    Daemen, J., Knudsen, L.R., Rijmen, V.: The block cipher SQUARE. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997)Google Scholar
  2. 2.
    Knudsen, L.R., Wagner, D.: Integral cryptanalysis. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 112–127. Springer, Heidelberg (2002)Google Scholar
  3. 3.
    Biryukov, A., Shamir, A.: Structural cryptanalysis of SASAS. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 394–405. Springer, Heidelberg (2001)Google Scholar
  4. 4.
    Nakahara Jr., J., de Freitas, D.S., Phan, R.C.-W.: New multiset attacks on Rijndael with large blocks. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005. LNCS, vol. 3715, pp. 277–295. Springer, Heidelberg (2005)Google Scholar
  5. 5.
    Z’aba, M.R., Raddum, H., Henricksen, M., Dawson, E.: Bit-pattern based integral attack. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 363–381. Springer, Heidelberg (2008)Google Scholar
  6. 6.
    Lucks, S.: The saturation attack - a bait for Twofish. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 1–15. Springer, Heidelberg (2002)Google Scholar
  7. 7.
    Aumasson, J.P., Leurent, G., Meier, W., Mendel, F., Mouha, N., Phan, R.C.W., Sasaki, Y., Susil, P.: Tuple cryptanalysis of ARX with application to BLAKE and Skein. In: ECRYPT II Hash Workshop (2011)Google Scholar
  8. 8.
    Ferguson, N., Kelsey, J., Lucks, S., Schneier, B., Stay, M., Wagner, D., Whiting, D.L.: Improved cryptanalysis of Rijndael. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 213–230. Springer, Heidelberg (2001)Google Scholar
  9. 9.
    Sasaki, Y., Wang, L.: Meet-in-the-middle technique for integral attacks against feistel ciphers. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 234–251. Springer, Heidelberg (2013)Google Scholar
  10. 10.
    Hong, D., et al.: HIGHT: a new block cipher suitable for low-resource device. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 46–59. Springer, Heidelberg (2006)Google Scholar
  11. 11.
    ISO/IEC 18033–3:2010: Information technology-Security techniques-Encryption Algorithms-Part 3: Block ciphers (2010)Google Scholar
  12. 12.
    Chen, J., Wang, M., Preneel, B.: Impossible differential cryptanalysis of the lightweight block ciphers TEA, XTEA and HIGHT. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012. LNCS, vol. 7374, pp. 117–137. Springer, Heidelberg (2012)Google Scholar
  13. 13.
    Wu, W., Zhang, L.: LBlock: a lightweight block cipher. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 327–344. Springer, Heidelberg (2011)Google Scholar
  14. 14.
    Zhang, P., Sun, B., Li, C.: Saturation attack on the block cipher HIGHT. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 76–86. Springer, Heidelberg (2009)Google Scholar
  15. 15.
    Lu, J.: Cryptanalysis of block ciphers. Ph.D. thesis, Royal Holloway, University of London, England (2008)Google Scholar
  16. 16.
    Özen, O., Varici, K., Tezcan, C., Kocair, Ç.: Lightweight block ciphers revisited: cryptanalysis of reduced round PRESENT and HIGHT. In: Boyd, C., González Nieto, J. (eds.) ACISP 2009. LNCS, vol. 5594, pp. 90–107. Springer, Heidelberg (2009)Google Scholar
  17. 17.
    Koo, B., Hong, D., Kwon, D.: Related-key attack on the full HIGHT. In: Rhee, K.-H., Nyang, D.H. (eds.) ICISC 2010. LNCS, vol. 6829, pp. 49–67. Springer, Heidelberg (2011)Google Scholar
  18. 18.
    Needham, R.M., Wheeler, D.J.: TEA extensions. Technical report, Computer Laboratory, University of Cambridge (1997)Google Scholar
  19. 19.
    Ferguson, N., Lucks, S., Schneier, B., Whiting, D., Bellare, M., Kohno, T., Callas, J., Walker, J.: The Skein hash function family. Submission to NIST (Round 2) (2009)Google Scholar
  20. 20.
    Korea Internet and Security Agency: HIGHT Algorithm Specification (2009)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. 1.NTT Secure Platform LaboratoriesTokyoJapan
  2. 2.Nanyang Technological UniversitySingaporeSingapore

Personalised recommendations