Abstract
Recently, Biryukov et al. presented a new technique for key recovery in differential cryptanalysis, called meet-in-the-filter (MiF). In this work, we develop theoretical and practical aspects of the technique, which helps understanding and simplifies application. In particular, we show bounds on MiF complexity and conditions when the MiF-enhanced attack may reach them. We present a method based on trail counting which allows to estimate filtering strength of involved rounds and perform consequent complexity analysis with pen and paper, compared to the computer-aided approach of the original work. Furthermore, we show how MiF can be combined with plaintext structures for linear key schedules, allowing to increase the number of attacked rounds or to reduce the data complexity.
We illustrate our methods on block cipher families Cham and Katan and show best-to-date single-key differential attacks for these ciphers.
The work was supported by the Luxembourg National Research Fund’s (FNR) and the German Research Foundation’s (DFG) joint project APLICA (C19/IS/13641232).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Here, we consider probability over all intermediate (long) keys. Therefore, the limitation of a fixed-key permutation to have minimum nonzero differential probability \(2^{-|C|+1}\) (over plaintexts/ciphertexts) does not affect this assumption.
- 2.
Codes and other relevant information are available at github.com/cryptolu/MeetInTheFilter_CHAM_KATAN.
- 3.
When extending 8 rounds forward, there are \(2^{64.84}\) possible trails. Since there are only \(2^{64}\) possible ciphertext differences, each ciphertext difference suggests \(2^{0.84}\) trails on average.
- 4.
- 5.
Experimentally, we obtained an average of \(2^{33.49}\) trails which closely matches the estimates obtained by Proposition 2.
- 6.
Subkey dependency matrices are provided in the supporting code repository.
References
Albrecht, M.R., Leander, G.: An all-in-one approach to differential cryptanalysis for small block ciphers. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 1–15. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-35999-6_1
Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK families of lightweight block ciphers. Cryptology ePrint Archive, Report 2013/404 (2013)
Biham, E., Shamir, A.: Differential Cryptanalysis of the Data Encryption Standard. Springer, Heidelberg (1993). https://doi.org/10.1007/978-1-4613-9314-6
Biryukov, A., dos Santos, L.C., Teh, J.S., Udovenko, A., Velichkov, V.: Meet-in-the-filter and dynamic counting with applications to speck. Cryptology ePrint Archive, Paper 2022/673 (2022). https://eprint.iacr.org/2022/673, https://eprint.iacr.org/2022/673
De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN—a family of small and efficient hardware-oriented block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04138-9_20
Chen, J., Teh, J., Liu, Z., Su, C., Samsudin, A., Xiang, Y.: Towards accurate statistical analysis of security margins: New searching strategies for differential attacks. IEEE Trans. Comput. 66(10), 1763–1777 (2017)
Dinur, I.: Improved differential cryptanalysis of round-reduced speck. In: Joux, A., Youssef, A. (eds.) SAC 2014. LNCS, vol. 8781, pp. 147–164. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13051-4_9
Eichlseder, M., Kales, D.: Clustering related-tweak characteristics: application to MANTIS-6. IACR Trans. Symmetric Cryptol. 2018(2), 111–132 (2018)
Knellwolf, S., Meier, W., Naya-Plasencia, M.: Conditional differential cryptanalysis of NLFSR-based cryptosystems. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 130–145. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17373-8_8
Koo, B., Roh, D., Kim, H., Jung, Y., Lee, D.-G., Kwon, D.: CHAM: a family of lightweight block ciphers for resource-constrained devices. In: Kim, H., Kim, D.-C. (eds.) ICISC 2017. LNCS, vol. 10779, pp. 3–25. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78556-1_1
Rasoolzadeh, S., Raddum, H.: Multidimensional meet in the middle cryptanalysis of KATAN. IACR Cryptol. ePrint Arch. 77 (2016)
Roh, D., Koo, B., Jung, Y., Jeong, I.W., Lee, D.-G., Kwon, D., Kim, W.-H.: Revised version of block cipher CHAM. In: Seo, J.H. (ed.) ICISC 2019. LNCS, vol. 11975, pp. 1–19. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-40921-0_1
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Biryukov, A., Teh, J.S., Udovenko, A. (2024). Advancing the Meet-in-the-Filter Technique: Applications to CHAM and KATAN. In: Smith, B., Wu, H. (eds) Selected Areas in Cryptography. SAC 2022. Lecture Notes in Computer Science, vol 13742. Springer, Cham. https://doi.org/10.1007/978-3-031-58411-4_16
Download citation
DOI: https://doi.org/10.1007/978-3-031-58411-4_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-58410-7
Online ISBN: 978-3-031-58411-4
eBook Packages: Computer ScienceComputer Science (R0)