Skip to main content
SpringerLink
Log in

Differential-Linear Cryptanalysis of the Lightweight Cryptographic Algorithm KNOT

  • Conference paper
  • First Online:
Information Security and Cryptology (Inscrypt 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 13007))

Included in the following conference series:

Abstract

KNOT is one of the 32 candidates in the second round of NIST’s lightweight cryptography standardization process. The KNOT family consists of bit-slice lightweight Authenticated Encryption with Associated Data (AEAD) and hashing algorithms. In this paper, we evaluate the security for the initialization phase of two members of the KNOT-AEAD family by differential-linear cryptanalysis.

More exactly, we analyze KNOT-AEAD(128,256,64) and KNOT-AEAD(128,384,192) which have 128-bit secret keys. As a result, for 15-round KNOT-AEAD(128,256,64), our attack takes \(2^{48.8}\) time complexity and \(2^{47.5}\) blocks to recover the full 128-bit key. To the best of our knowledge, this is the first full key-recovery attack on 15-round KNOT-AEAD(128,256,64), and it achieves three more rounds compared with the existing work. Regarding 17-round KNOT-AEAD(128,384,192), time complexity of \(2^{59.2}\) and data complexity of \(2^{58.2}\) are required to launch a key-recovery attack, which is five rounds better than the known result. We stress here that our attacks do not threaten the security of KNOT-AEAD.

This work was supported by the National Natural Science Foundation of China (Grant No. 61872359 and 62122085), the National Key R&D Program of China (Grant No. 2020YFB1805402), and the Youth Innovation Promotion Association of Chinese Academy of Sciences.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Change history

  • 11 April 2022

    In an older version of this paper, there was an orthographical error in the title. This has been corrected.

References

  1. Aagaard, M., Al Tawy, R., Gong, G., Mandal, K., Rohit, R., Zidaric, N.: Wage: an authenticated cipher submission to the NIST LWC competition. https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/round-2/spec-doc-rnd2/wage-spec-round2.pdf

  2. Aumasson, J.-P., Fischer, S., Khazaei, S., Meier, W., Rechberger, C.: New features of Latin dances: analysis of salsa, chacha, and rumba. In: Nyberg, K. (ed.) FSE 2008, LNCS, vol. 5086, pp. 470–488. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-7-71039-4_30

  3. Bar-On, A., Dunkelman, O., Keller, N., Weizman, A.: DLCT: a new tool for differential-linear cryptanalysis. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 313–342. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_11

  4. Beierle, C., et al.: Schwaemm and Esch: lightweight authenticated encryption and hashing using the sparkle permutation family. https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/round-2/spec-doc-rnd2/sparkle-spec-round2.pdf

  5. Beierle, C., et al.: Skinny-Aead and skinny-hash v1.1. https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/round-2/spec-doc-rnd2/SKINNY-spec-round2.pdf

  6. Beierle, C., Leander, G., Todo, Y.: Improved differential-linear attacks with applications to ARX ciphers. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12172, pp. 329–358. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56877-1_12

  7. Ben-Aroya, I., Biham, E.: Differential cryptanalysis of lucifer. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 187–199. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48329-2_17

  8. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Permutation-based encryption, authentication and authenticated encryption. Directions in Authenticated Ciphers, pp. 159–170 (2012)

    Google Scholar 

  9. Biham, E., Dunkelman, O., Keller, N.: Enhancing differential-linear cryptanalysis. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 254–266. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-36178-2_16

  10. Biham, E., Dunkelman, O., Keller, N.: Differential-linear cryptanalysis of serpent. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 9–21. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-39887-5_2

  11. Biham, E., Shamir, A.: Differential cryptanalysis of des-like cryptosystems. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1990). https://doi.org/10.1007/3-540-38424-3_1

  12. Blondeau, C., Leander, G., Nyberg, K.: Differential-linear cryptanalysis revisited. J. Cryptol. 30(3), 859–888 (2017)

    Google Scholar 

  13. Canteaut, A., et al.: Saturnin: a suite of lightweight symmetric algorithms for post-quantum security. https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/round-2/spec-doc-rnd2/saturnin-spec-round2.pdf

  14. Choudhuri, A.R., Maitra, S.: Significantly improved multi-bit differentials for reduced round salsa and chacha. IACR Trans. Symmetric Cryptol. 2016(2), 261–287 (2016)

    Google Scholar 

  15. Coutinho, M., Souza Neto, T.C.: New multi-bit differentials to improve attacks against chacha. IACR Cryptol. ePrint Arch. 2020, 350 (2020)

    Google Scholar 

  16. Dobraunig, C., Eichlseder, M., Mendel, F., Schläffer, M.: Cryptanalysis of ASCON. In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 371–387. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16715-2_20

  17. Dunkelman, O., Indesteege, S., Keller, N.: A differential-linear attack on 12-round serpent. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 308–321. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89754-5_24

  18. Gutiérrez, A.F., Leurent, G., Naya-Plasencia, M., Perrin, L., Schrottenloher, A., Sibleyras, F.: New results on Gimli: full-permutation distinguishers and improved collisions. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12491, pp. 33–63. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64837-4_2

  19. Knellwolf, S., Meier, W., Naya-Plasencia, M.: Conditional differential cryptanalysis of NLFSR-based cryptosystems. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 130–145. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17373-8_8

  20. Langford, S.K., Hellman, M.E.: Differential-linear cryptanalysis. In: Desmedt, Y. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 17–25. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48658-5_3

  21. Leurent, G.: Improved differential-linear cryptanalysis of 7-round Chaskey with partitioning. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 344–371. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_14

  22. Liu, M., Lu, X., Lin, D.: Differential-linear cryptanalysis from an algebraic perspective. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part III. LNCS, vol. 12827, pp. 247–277. Springer Cham (2021). https://doi.org/10.1007/978-3-030-84252-9_9

  23. Lu, J.: A methodology for differential-linear cryptanalysis and its applications. Des. Codes Cryptogr. 77(1), 11–48 (2015)

    Google Scholar 

  24. Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48285-7_33

  25. Mouha, N., Wang, Q., Gu, D., Preneel, B.: Differential and linear cryptanalysis using mixed-integer linear programming. In: Wu, C., Yung, M., Lin, D. (eds.) Inscrypt 2011. LNCS, vol. 7537, pp. 57–76. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-34704-7_5

  26. Selçuk, A.A.: On probability of success in linear and differential cryptanalysis. J. Cryptol. 21(1), 131–147 (2008)

    Google Scholar 

  27. Sun, S., et al.: Towards finding the best characteristics of some bit-oriented block ciphers and automatic enumeration of (related-key) differential and linear characteristics with predefined properties. Cryptology ePrint Archive, Report 2014/747 (2014). https://ia.cr/2014/747

  28. Sun, S., Hu, L., Wang, P., Qiao, K., Ma, X., Song, L.: Automatic security evaluation and (related-key) differential characteristic search: application to Simon, present, lblock, DES(L) and other bit-oriented block ciphers. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part I. LNCS, vol. 8873, pp. 158–178. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45611-8_9

  29. Zhang, W., et al.: KNOT: algorithm specifications and supporting document. https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/round-2/spec-doc-rnd2/knot-spec-round.pdf

  30. Zhang, W., Ding, T., Zhou, C., Ji, F.: Security analysis of KNOT-AEAD and KNOT-HASH. https://csrc.nist.gov/CSRC/media/Events/lightweight-cryptography-workshop-2020/documents/papers/security-analysis-of-KNOT-lwc2020.pdf

Download references

Acknowledgements

We are very grateful to Wentao Zhang for her helpful suggestions on this paper. We also thank the anonymous reviewers for their valuable comments.

Author information

Authors and Affiliations

  1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, 100093, China

    Shichang Wang, Shiqi Hou, Meicheng Liu & Dongdai Lin

  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, 100049, China

    Shichang Wang, Shiqi Hou, Meicheng Liu & Dongdai Lin

Authors
  1. Shichang Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shiqi Hou
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Meicheng Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Dongdai Lin
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Meicheng Liu or Dongdai Lin .

Editor information

Editors and Affiliations

  1. Shanghai Jiao Tong University, Shanghai, China

    Yu Yu

  2. Columbia University, New York, NY, USA

    Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Wang, S., Hou, S., Liu, M., Lin, D. (2021). Differential-Linear Cryptanalysis of the Lightweight Cryptographic Algorithm KNOT. In: Yu, Y., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2021. Lecture Notes in Computer Science(), vol 13007. Springer, Cham. https://doi.org/10.1007/978-3-030-88323-2_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-88323-2_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-88322-5

  • Online ISBN: 978-3-030-88323-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation