On the Key Schedule Strength of PRESENT

  • Julio Cesar Hernandez-Castro
  • Pedro Peris-Lopez
  • Jean-Philippe Aumasson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7122)


We present here the results of a playful research on how to measure the strength of a key schedule algorithm, with applications to PRESENT, including its two variants with 80 and 128 bit keys. We do not claim to have discovered any devastating weakness, but believe that some of the results presented, albeit controversial, could be of interest for other researchers investigating this cipher, notably for those working in impossible differentials and related key or slide attacks. Furthermore, in the case of PRESENT, key schedule features shown here may be exploited to attack some of the PRESENT-based hash functions. We carried out a probabilistic metaheuristic search for semi-equivalent keys, annihilators and entropy minima, and proposed a simple way of combining these results into a single value with a straightforward mathematical expression that could help in abstracting resistance to the set of presented analysis. Surprisingly, PRESENT− 128 seems weaker than PRESENT− 80 in the light of this new measure.


Key Schedule Semi-Equivalent Keys Annihilators Entropy Minimization Simulated Annealing PRESENT 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Kirkpatrick, S., Gelatt, C.D., Vecchi, M.P.: Optimization by Simulated Annealing. Science 220(4598), 671–680 (1983)MathSciNetzbMATHCrossRefGoogle Scholar
  2. 2.
    Borghoff, J., Knudsen, L.R., Matusiewicz, K.: Analysis of Trivium by a Simulated Annealing Variant. In: Proceedings of Ecrypt II Workshop on Tools for Cryptanalysis (2010)Google Scholar
  3. 3.
    Knudsen, L.R., Meier, W.: Cryptanalysis of an Identification Scheme Based on the Permuted Perceptron Problem. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 363–374. Springer, Heidelberg (1999)Google Scholar
  4. 4.
    Clark, J.A., Jacob, J.L.: Fault Injection and a Timing Channel on an Analysis Technique. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 181–196. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  5. 5.
    Kuman, M., Yadav, P., Kumari, M.: Flaws in Differential Cryptanalysis of Reduced Round PRESENT,
  6. 6.
    Bogdanov, A., Leander, G., Paar, C., et al.: Hash Functions and RFID Tags: Mind the Gap, pp. 283–299 (2008)Google Scholar
  7. 7.
    Bogdanov, A.A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007), CrossRefGoogle Scholar
  8. 8.
    Anderson, R., Biham, E., Knudsen, L.: Serpent: A proposal for the Advanced Encryption Standard. In: First Advanced Encryption Standard (AES) Conference (1998)Google Scholar
  9. 9.
    Wang, M.: Differential Cryptanalysis of Reduced-Round PRESENT. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 40–49. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  10. 10.
    Özen, O., Varıcı, K., Tezcan, C., Kocair, Ç.: Lightweight Block Ciphers Revisited: Cryptanalysis of Reduced Round PRESENT and HIGHT. In: Boyd, C., González Nieto, J. (eds.) ACISP 2009. LNCS, vol. 5594, pp. 90–107. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  11. 11.
    Albrecht, M., Cid, C.: Algebraic Techniques in Differential Cryptanalysis. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 193–208. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  12. 12.
    Collard, B., Standaert, F.-X.: A Statistical Saturation Attack against the Block Cipher PRESENT. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 195–210. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  13. 13.
    Ohkuma, K.: Weak Keys of Reduced-Round PRESENT for Linear Cryptanalysis. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 249–265. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  14. 14.
    De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN — A Family of Small and Efficient Hardware-Oriented Block Ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Julio Cesar Hernandez-Castro
    • 1
  • Pedro Peris-Lopez
    • 2
  • Jean-Philippe Aumasson
    • 3
  1. 1.School of ComputingPortsmouth UniversityUK
  2. 2.Information Security & Privacy LabTU-DelftThe Netherlands
  3. 3.NagravisionSACheseauxSwitzerland

Personalised recommendations