Differential Cryptanalysis of Round-Reduced PRINTcipher: Computing Roots of Permutations

  • Mohamed Ahmed Abdelraheem
  • Gregor Leander
  • Erik Zenner
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6733)


At CHES 2010, the new block cipher PRINTcipher was presented. In addition to using an xor round key as is common practice for round-based block ciphers, PRINTcipher also uses key-dependent permutations. While this seems to make differential cryptanalysis difficult due to the unknown bit permutations, we show in this paper that this is not the case. We present two differential attacks that successfully break about half of the rounds of PRINTcipher, thereby giving the first cryptanalytic result on the cipher.

In addition, one of the attacks is of independent interest, since it uses a mechanism to compute roots of permutations. If an attacker knows the many-round permutation π r, the algorithm can be used to compute the underlying single-round permutation π. This technique is thus relevant for all iterative ciphers that deploy key-dependent permutations. In the case of PRINTcipher, it can be used to show that the linear layer adds little to the security against differential attacks.


symmetric cryptography block cipher differential cryptanalysis permutations 


  1. 1.
    Annin, S., Jansen, T.: On kth roots in the symmetric and alternating groups. Pi Mu Epsilon Journal 12(10), 581–589 (2009)Google Scholar
  2. 2.
    Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991)Google Scholar
  3. 3.
    Bogdanov, A.A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsø, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  4. 4.
    De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN — A Family of Small and Efficient Hardware-Oriented Block Ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  5. 5.
    Gilbert, H., Chauvaud, P.: A Chosen Plaintext Attack of the 16-Round Khufu Cryptosystem. In: Desmedt, Y. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 359–368. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  6. 6.
    Groch, A., Hofheinz, D., Steinwandt, R.: A practical attack on the root problem in braid groups. In: Algebraic Methods in Cryptography, vol. 418, pp. 121–132. American Mathematical Society, Providence (2006)CrossRefGoogle Scholar
  7. 7.
    Hong, D., Sung, J., Hong, S.H., Lim, J.-I., Lee, S.-J., Koo, B.-S., Lee, C.-H., Chang, D., Lee, J., Jeong, K., Kim, H., Kim, J.-S., Chee, S.: HIGHT: A New Block Cipher Suitable for Low-Resource Device. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 46–59. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    Knudsen, L.R., Leander, G., Poschmann, A., Robshaw, M.J.B.: PRINTcipher: A Block Cipher for IC-Printing. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 16–32. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  9. 9.
    Leaños, J., Moreno, R., Rivera-Martínez, L.M.: A note on the number of m-th roots of permutations. Arxiv preprint arXiv:1005.1531 (2010)Google Scholar
  10. 10.
    Merkle, R.C.: Fast software encryption functions. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 476–501. Springer, Heidelberg (1991)Google Scholar
  11. 11.
    Pavlov, A.I.: On the number of solutions of the equation x k = a in the symmetric group S n. Mathematics of the USSR-Sbornik 40(3), 349–362 (1981)CrossRefGoogle Scholar
  12. 12.
    Schneier, B.: Description of a new variable-length key, 64-bit block cipher (Blowfish). In: Anderson, R.J. (ed.) FSE 1993. LNCS, vol. 809, pp. 191–204. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  13. 13.
    Schneier, B., Kelsey, J., Whiting, D., Wagner, D., Hall, C., Ferguson, N.: Twofish: A 128-bit block cipher. Submitted as candidate for AES (February 5, 2010),
  14. 14.
    Vaudenay, S.: On the weak keys of Blowfish. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 27–32. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  15. 15.
    Wilf, H.S.: Generatingfunctionology. Academic Press, London (1993)zbMATHGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Mohamed Ahmed Abdelraheem
    • 1
  • Gregor Leander
    • 1
  • Erik Zenner
    • 1
  1. 1.Technical University of DenmarkKgs. LyngbyDenmark

Personalised recommendations