Advertisement

Structural Evaluation by Generalized Integral Property

  • Yosuke Todo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9056)

Abstract

In this paper, we show structural cryptanalyses against two popular networks, i.e., the Feistel Network and the Substitute-Permutation Network (SPN). Our cryptanalyses are distinguishing attacks by an improved integral distinguisher. The integral distinguisher is one of the most powerful attacks against block ciphers, and it is usually constructed by evaluating the propagation characteristic of integral properties, e.g., the ALL or BALANCE property. However, the integral property does not derive useful distinguishers against block ciphers with non-bijective functions and bit-oriented structures. Moreover, since the integral property does not clearly exploit the algebraic degree of block ciphers, it tends not to construct useful distinguishers against block ciphers with low-degree functions. In this paper, we propose a new property called the division property, which is the generalization of the integral property. It can effectively construct the integral distinguisher even if the block cipher has non-bijective functions, bit-oriented structures, and low-degree functions. From viewpoints of the attackable number of rounds or chosen plaintexts, the division property can construct better distinguishers than previous methods. Although our attack is a generic attack, it can improve several integral distinguishers against specific cryptographic primitives. For instance, it can reduce the required number of chosen plaintexts for the \(10\)-round distinguisher on Keccak-\(f\) from \(2^{1025}\) to \(2^{515}\). For the Feistel cipher, it theoretically proves that Simon 32, 48, 64, 96, and 128 have \(9\)-, \(11\)-, \(11\)-, \(13\)-, and \(13\)-round integral distinguishers, respectively.

Keywords

Block cipher Integral distinguisher Feistel network Substitute-Permutation network Keccak Simon AES-like cipher Boolean function 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Anderson, R., Biham, E., Knudsen, L.: Serpent: A proposal for the Advanced Encryption Standard. NIST AES Proposal (1998)Google Scholar
  2. 2.
    Andreeva, E., Bilgin, B., Bogdanov, A., Luykx, A., Mendel, F., Mennink, B., Mouha, N., Wang, Q., Yasuda, K.: PRIMATEs v1.02 (2014), submission to CAESAR competitionGoogle Scholar
  3. 3.
    Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai, S., Nakajima, J., Tokita, T.: Camellia: A 128-Bit block cipher suitable for multiple platforms - design and analysis. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 39–56. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  4. 4.
    Barreto, P.S.L.M., Rijmen, V.: The Whirlpool hashing function (2003), submitted to the NESSIE project. http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
  5. 5.
    Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK families of lightweight block ciphers. IACR Cryptology ePrint Archive 2013, 404 (2013). http://eprint.iacr.org/2013/404
  6. 6.
    Biryukov, A., Shamir, A.: Structural cryptanalysis of SASAS. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 395–405. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  7. 7.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  8. 8.
    Boura, C., Canteaut, A.: On the influence of the algebraic degree of \(F^{-1}\) on the algebraic degree of \(G \circ F\). IEEE Transactions on Information Theory 59(1), 691–702 (2013)CrossRefMathSciNetGoogle Scholar
  9. 9.
    Boura, C., Canteaut, A., De Cannière, C.: Higher-order differential properties of Keccak and Luffa. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 252–269. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  10. 10.
    Cannière, C.D., Sato, H., Watanabe, D.: Hash function Luffa - a SHA-3 candidate (2008). http://hitachi.com/rd/yrl/crypto/luffa/round1archive/Luffa_Specification.pdf
  11. 11.
    Canteaut, A., Videau, M.: Degree of composition of highly nonlinear functions and applications to higher order differential cryptanalysis. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 518–533. Springer, Heidelberg (2002) CrossRefGoogle Scholar
  12. 12.
    Daemen, J., Bertoni, G., Peeters, M., Assche, G.V.: The Keccak reference version 3.0 (2011)Google Scholar
  13. 13.
    Daemen, J., Knudsen, L.R., Rijmen, V.: The block cipher Square. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997) CrossRefGoogle Scholar
  14. 14.
    Daemen, J., Peeters, M., Assche, G.V., Rijmen, V.: The Noekeon block cipher. (2000), submitted to the NESSIE project. http://gro.noekeon.org/
  15. 15.
    Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography. Springer (2002)Google Scholar
  16. 16.
    Dobraunig, C., Eichlseder, M., Mendel, F., Schläffer, M.: Ascon v1 (2014), submission to CAESAR competitionGoogle Scholar
  17. 17.
    Guo, J., Peyrin, T., Poschmann, A.: The PHOTON family oflightweight hash functions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 222–239. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  18. 18.
    Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.: The LED block cipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 326–341. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  19. 19.
    Isobe, T., Shibutani, K.: Generic key recovery attack on Feistel scheme. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part I. LNCS, vol. 8269, pp. 464–485. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  20. 20.
    Kavun, E.B., Lauridsen, M.M., Leander, G., Rechberger, C., Schwabe, P., Yalçin, T.: Prøst v1.1 (2014), submission to CAESAR competitionGoogle Scholar
  21. 21.
    Knudsen, L.R.: Truncated and higher order differentials. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 196–211. Springer, Heidelberg (1995) CrossRefGoogle Scholar
  22. 22.
    Knudsen, L.R.: The security of Feistel ciphers with six rounds or less. J. Cryptology 15(3), 207–222 (2002)CrossRefzbMATHMathSciNetGoogle Scholar
  23. 23.
    Knudsen, L.R., Wagner, D.: Integral cryptanalysis. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 112–127. Springer, Heidelberg (2002) CrossRefGoogle Scholar
  24. 24.
    Lai, X.: Higher order derivatives and differential cryptanalysis. In: Communications and Cryptography. The Springer International Series in Engineering and Computer Science, vol. 276, pp. 227–233 (1994)Google Scholar
  25. 25.
    Li, Y., Wu, W., Zhang, L.: Improved integral attacks on reduced-round CLEFIA block cipher. In: Jung, S., Yung, M. (eds.) WISA 2011. LNCS, vol. 7115, pp. 28–39. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  26. 26.
    Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17(2), 373–386 (1988)CrossRefzbMATHMathSciNetGoogle Scholar
  27. 27.
    Morawiecki, P., Gaj, K., Homsirikamol, E., Matusiewicz, K., Pieprzyk, J., Rogawski, M., Srebrny, M., Wøjcik, M.: ICEPOLE v1 (2014), submission to CAESAR competitionGoogle Scholar
  28. 28.
    Patarin, J.: Security of random Feistel schemes with 5 or more rounds. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 106–122. Springer, Heidelberg (2004) CrossRefGoogle Scholar
  29. 29.
    Sasaki, Y., Todo, Y., Aoki, K., Naito, Y., Sugawara, T., Murakami, Y., Matsui, M., Hirose, S.: Minalpher v1 (2014), submission to CAESAR competitionGoogle Scholar
  30. 30.
    Shibayama, N., Kaneko, T.: A peculiar higher order differential of CLEFIA. In: ISITA, pp. 526–530. IEEE (2012)Google Scholar
  31. 31.
    National Institute of Standards and Technology: Data Encryption Standard (DES). Federal Information Processing Standards Publication 46 (1977)Google Scholar
  32. 32.
    National Institute of Standards and Technology: Specification for the ADVANCED ENCRYPTION STANDARD (AES). Federal Information Processing Standards Publication 197 (2001)Google Scholar
  33. 33.
    Wang, Q., Liu, Z., Varici, K., Sasaki, Y., Rijmen, V., Todo, Y.: Cryptanalysis of reduced-round SIMON32 and SIMON48. In: Daemen, J., Rijmen, V. (eds.) INDOCRYPT. LNCS, vol. 8885, pp. 143–160. Springer, Heidelberg (2014) Google Scholar
  34. 34.
    Wu, S., Wang, M.: Integral attacks on reduced-round PRESENT. In: Qing, S., Zhou, J., Liu, D. (eds.) ICICS 2013. LNCS, vol. 8233, pp. 331–345. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  35. 35.
    Wu, W., Zhang, L.: LBlock: A lightweight block cipher. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 327–344. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  36. 36.
    Yeom, Y., Park, S., Kim, I.: On the security of CAMELLIA against the Square attack. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 89–99. Springer, Heidelberg (2002) CrossRefGoogle Scholar
  37. 37.
    Z’aba, M.R., Raddum, H., Henricksen, M., Dawson, E.: Bit-pattern based integral attack. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 363–381. Springer, Heidelberg (2008) CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2015

Authors and Affiliations

  1. 1.NTT Secure Platform LaboratoriesTokyoJapan

Personalised recommendations