Related-Key Slide Attacks on Block Ciphers with Secret Components
Lightweight cryptography aims to provide sufficient security with low area/power/energy requirements for constrained devices. In this paper, we focus on the lightweight encryption algorithm specified and approved in NRS 009-6-7:2002 by the Electricity Suppliers Liaison Committee to be used with tokens in prepayment electricity dispensing systems in South Africa. The algorithm is a 16-round SP network with a 64-bit key using two 4-to-4 bit S-boxes and a 64-bit permutation. The S-boxes and the permutation are kept secret and provided only to the manufacturers of the system under license conditions. We present related-key slide attacks to recover the secret key and secret components using four scenarios: (i) known S-box and permutation with $2^{48}$ time complexity using $2^{16} + 1$ chosen plaintexts; (ii) unknown S-box and known permutation with $2^{55}$ time complexity using $2^{22.71} + 1$ chosen plaintexts; (iii) known S-box and unknown permutation with $2^{48}$ time complexity using $2^{16} + 1$ chosen plaintexts and $2^{12.28}$ adaptively chosen plaintexts; and finally, (iv) unknown S-box and permutation, with $2^{48}$ time complexity using $2^{22.71} + 1$ chosen plaintexts and $2^{31.29}$ adaptively chosen plaintexts. We also extend these attacks to recover the secret components in a chosen-key setting with practical complexities.
Keywords: Lightweight Block Ciphers; Related-Key Slide Attacks; Secret Components
- 2. Hamalainen, P., Alho, T., Hannikainen, M., Hamalainen, T.D.: Design and Implementation of Low-Area and Low-Power AES Encryption Hardware Core. In: Proceedings of the 9th EUROMICRO Conference on Digital System Design, DSD 2006, pp. 577–583. IEEE Computer Society, Washington, DC (2006)
- 5. Hong, D., Sung, J., Hong, S., Lim, J., Lee, S., Koo, B., Lee, C., Chang, D., Lee, J., Jeong, K., Kim, H., Kim, J., Chee, S.: HIGHT: A New Block Cipher Suitable for Low-Resource Device. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 46–59. Springer, Heidelberg (2006)
- 8. Wagner, D., Briceno, M., Goldberg, I.: A Pedagogical Implementation of the GSM A5/1 and A5/2 "voice privacy" encryption algorithms, http://www.scard.org/gsm/a51.html (accessed January 23, 2013)
- 9. 4C Entity: C2 Block Cipher Specification, Revision 1.0, http://www.4centity.com/
- 11. NRS 009-6-7:2002. Rationalized User Specification, Electricity Sales Systems, Part 6: Interface standards, Section 7: Standard Transfer Specification/Credit Dispensing Unit – Electricity dispenser – Token Encoding and Data Encryption and Decryption (2002)