Practical Attack on 8 Rounds of the Lightweight Block Cipher KLEIN
KLEIN is a family of lightweight block ciphers presented at RFIDSec 2011 that combines a 4-bit Sbox with Rijndael’s byte-oriented MixColumn. This approach allows compact implementations of KLEIN in both low-end software and hardware. This paper shows that interactions between those two components lead to the existence of differentials of unexpectedly high probability: using an iterative collection of differential characteristics and neutral bits in plaintexts, we find conforming pairs for four rounds with amortized cost below 212 encryptions, whereas at least 230 was expected by the preliminary analysis of KLEIN. We exploit this observation by constructing practical (≈ 235-encryption), experimentally verified, chosen-plaintext key-recovery attacks on up to 8 rounds of KLEIN-64—the instance of KLEIN with 64-bit keys and 12 rounds.
Keywordsblock ciphers cryptanalysis lightweight cryptography
Unable to display preview. Download preview PDF.
- 4.Engels, D., Saarinen, M.J.O., Smith, E.M.: The Hummingbird-2 lightweight authenticated encryption algorithm. In: RFIDsec (2011)Google Scholar
- 10.Gong, Z., Nikova, S., Law, Y.W.: KLEIN: a new family of lightweight block ciphers. In: RFIDSec (2011)Google Scholar
- 11.Gong, Z., Nikova, S., Law, Y.W.: KLEIN: a new family of lightweight block ciphers (2011), http://doc.utwente.nl/73129/