Differential Cryptanalysis of Round-Reduced PRINTcipher: Computing Roots of Permutations
At CHES 2010, the new block cipher PRINTcipher was presented. In addition to using an xor round key as is common practice for round-based block ciphers, PRINTcipher also uses key-dependent permutations. While this seems to make differential cryptanalysis difficult due to the unknown bit permutations, we show in this paper that this is not the case. We present two differential attacks that successfully break about half of the rounds of PRINTcipher, thereby giving the first cryptanalytic result on the cipher.
In addition, one of the attacks is of independent interest, since it uses a mechanism to compute roots of permutations. If an attacker knows the many-round permutation π r , the algorithm can be used to compute the underlying single-round permutation π. This technique is thus relevant for all iterative ciphers that deploy key-dependent permutations. In the case of PRINTcipher, it can be used to show that the linear layer adds little to the security against differential attacks.
Keywordssymmetric cryptography block cipher differential cryptanalysis permutations
- 1.Annin, S., Jansen, T.: On kth roots in the symmetric and alternating groups. Pi Mu Epsilon Journal 12(10), 581–589 (2009)Google Scholar
- 2.Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991)Google Scholar
- 5.Gilbert, H., Chauvaud, P.: A Chosen Plaintext Attack of the 16-Round Khufu Cryptosystem. In: Desmedt, Y. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 359–368. Springer, Heidelberg (1994)Google Scholar
- 7.Hong, D., Sung, J., Hong, S.H., Lim, J.-I., Lee, S.-J., Koo, B.-S., Lee, C.-H., Chang, D., Lee, J., Jeong, K., Kim, H., Kim, J.-S., Chee, S.: HIGHT: A New Block Cipher Suitable for Low-Resource Device. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 46–59. Springer, Heidelberg (2006)CrossRefGoogle Scholar
- 9.Leaños, J., Moreno, R., Rivera-Martínez, L.M.: A note on the number of m-th roots of permutations. Arxiv preprint arXiv:1005.1531 (2010)Google Scholar
- 10.Merkle, R.C.: Fast software encryption functions. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 476–501. Springer, Heidelberg (1991)Google Scholar
- 13.Schneier, B., Kelsey, J., Whiting, D., Wagner, D., Hall, C., Ferguson, N.: Twofish: A 128-bit block cipher. Submitted as candidate for AES (February 5, 2010), http://www.schneier.com/paper-twofish-paper.pdf