A Cryptanalysis of PRINTcipher: The Invariant Subspace Attack

  • Gregor Leander
  • Mohamed Ahmed Abdelraheem
  • Hoda AlKhzaimi
  • Erik Zenner
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6841)

Abstract

At CHES 2010, the new block cipher PRINTcipher was presented as a light-weight encryption solution for printable circuits [15]. The best attack to date is a differential attack [1] that breaks less than half of the rounds. In this paper, we will present a new attack, called the invariant subspace attack, that breaks the full cipher for a significant fraction of its keys. This attack can be seen as a weak-key variant of a statistical saturation attack. For such weak keys, a chosen plaintext distinguishing attack can be mounted in unit time. In addition to breaking PRINTcipher, the new attack also gives us new insights into other, more well-established attacks. We derive a truncated differential characteristic with a round-independent but highly key-dependent probability. In addition, we also show that for weak keys, strongly biased linear approximations exist for any number of rounds. In this sense, PRINTcipher behaves very differently to what is usually – often implicitly – assumed.

Keywords

Symmetric cryptography; block cipher; invariant subspace attack; truncated differentials; linear cryptanalysis; statistical saturation attack

References

  1. Abdelraheem, M.A., Leander, G., Zenner, E.: Differential cryptanalysis of round-reduced PRINTcipher: Computing roots of permutations. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 1–17. Springer, Heidelberg (2011)
  2. Ben-Aroya, I., Biham, E.: Differential cryptanalysis of Lucifer. Journal of Cryptology 9(1), 21–34 (1996)
  3. Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)
  4. Bogdanov, A., Rechberger, C.: A 3-Subset Meet-in-the-Middle Attack: Cryptanalysis of the Lightweight Block Cipher KTANTAN. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 229–240. Springer, Heidelberg (2011)
  5. De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN — A Family of Small and Efficient Hardware-Oriented Block Ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009)
  6. Cho, J.Y.: Linear Cryptanalysis of Reduced-Round PRESENT. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 302–317. Springer, Heidelberg (2010)
  7. Collard, B., Standaert, F.-X.: A Statistical Saturation Attack against the Block Cipher PRESENT. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 195–210. Springer, Heidelberg (2009)
  8. Collard, B., Standaert, F.-X.: Multi-trail Statistical Saturation Attacks. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 123–138. Springer, Heidelberg (2010)
  9. Daemen, J., Peeters, M., van Assche, G., Rijmen, V.: Nessie proposal: NOEKEON (2000), http://gro.noekeon.org/Noekeon-spec.pdf
  10. Daemen, J., Rijmen, V.: Plateau characteristics. Information Security, IET 1(1), 11–17 (2007)
  11. Dinur, I., Shamir, A.: Breaking grain-128 with dynamic cube attacks. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 167–187. Springer, Heidelberg (2011)
  12. Harpes, C., Massey, J.L.: Partitioning Cryptanalysis. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 13–27. Springer, Heidelberg (1997)
  13. Hong, D., Sung, J., Hong, S.H., Lim, J.-I., Lee, S.-J., Koo, B.-S., Lee, C.-H., Chang, D., Lee, J., Jeong, K., Kim, H., Kim, J.-S., Chee, S.: HIGHT: A New Block Cipher Suitable for Low-Resource Device. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 46–59. Springer, Heidelberg (2006)
  14. Knellwolf, S., Meier, W., Naya-Plasencia, M.: Conditional Differential Cryptanalysis of NLFSR-Based Cryptosystems. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 130–145. Springer, Heidelberg (2010)
  15. Knudsen, L.R., Leander, G., Poschmann, A., Robshaw, M.J.B.: PRINTcipher: A Block Cipher for IC-Printing. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 16–32. Springer, Heidelberg (2010)
  16. Lai, X., Massey, J.L., Murphy, S.: Markov Ciphers and Differential Cryptanalysis. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 17–38. Springer, Heidelberg (1991)
  17. Leander, G.: On Linear Hulls, Statistical Saturation Attacks, PRESENT and a Cryptanalysis of PUFFIN. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 303–322. Springer, Heidelberg (2011)
  18. Murphy, S.: The Effectiveness of the Linear Hull Effect. Technical report, RHUL-MA-2009-19 (2009)

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Gregor Leander (1)
  • Mohamed Ahmed Abdelraheem (1)
  • Hoda AlKhzaimi (1)
  • Erik Zenner (1)

  1. Technical University of Denmark, Lyngby, Denmark
