Differential Factors Revisited: Corrected Attacks on PRESENT and SERPENT

  • Cihangir TezcanEmail author
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9542)


Differential factors, which prevent the attacker to distinguish some of the guessed keys corresponding to an active S-box during a differential attack on a block cipher, are recently introduced at Lightsec 2014 and used to reduce the time complexities of the previous differential-linear attacks on Serpent. Key recovery attacks generally consists of two parts: Key guess using the distinguisher and exhaustive search on the remaining key bits. Thus, we show that differential factors can reduce the time complexity of the former and increase the latter since the attacker does not need to guess the keys which cannot be distinguished. As an example for the latter, we show that the best known differential attack on Present overlooked its six differential factors and the corrected attack actually requires a time complexity increased by a factor of 64. Moreover, we show that differential factors also reduce data complexity of the differential attacks since less number of pairs are required to distinguish the correct key when the key space is reduced. This reduction in data complexity also reduces the time complexity. By using Serpent’s differential factors, we further reduce the data and time complexity of the differential-linear attacks on this cipher to obtain the best attacks.


S-box Differential factor Serpent Present 


  1. 1.
    Biham, E., Anderson, R., Knudsen, L.R.: Serpent: a new block cipher proposal. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, pp. 222–238. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  2. 2.
    Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of skipjack reduced to 31 rounds using impossible differentials. J. Cryptology 18(4), 291–311 (2005)MathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Biham, E., Dunkelman, O., Keller, N.: Linear cryptanalysis of reduced round serpent. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 16–27. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  4. 4.
    Biham, E., Dunkelman, O., Keller, N.: The rectangle attack - rectangling the serpent. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 340–357. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    Biham, E., Dunkelman, O., Keller, N.: New results on boomerang and rectangle attacks. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 1–16. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. J. Cryptology 4(1), 3–72 (1991)MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Bilgin, B., Nikova, S., Nikov, V., Rijmen, V., Stütz, G.: Threshold implementations of all \(3 \times 3\) and \(4 \times 4\) S-boxes. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 76–91. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  8. 8.
    Blondeau, C., Gérard, B., Tillich, J.P.: Accurate estimates of the data complexity and success probability for various cryptanalyses. Des. Codes Crypt. 59(1–3), 3–34 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  9. 9.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  10. 10.
    Chakraborty, K., Sarkar, S., Maitra, S., Mazumdar, B., Mukhopadhyay, D., Prouff, E.: Redefining the transparency order. Cryptology ePrint Archive, Report 2014/367 (2014)Google Scholar
  11. 11.
    Courtois, N.T., Pieprzyk, J.: Cryptanalysis of block ciphers with overdefined systems of equations. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 267–287. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  12. 12.
    Dinur, I., Shamir, A.: Cube attacks on tweakable black box polynomials. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 278–299. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  13. 13.
    Dunkelman, O., Indesteege, S., Keller, N.: A differential-linear attack on 12-round serpent. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 308–321. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  14. 14.
    Eisenbarth, T., Öztürk, E. (eds.): LightSec 2014. LNCS, vol. 8898. Springer, Heidelberg (2015)zbMATHGoogle Scholar
  15. 15.
    Helleseth, T. (ed.): EUROCRYPT 1993. LNCS, vol. 765. Springer, Heidelberg (1994)zbMATHGoogle Scholar
  16. 16.
    ISO/IEC 29192–2:2012: Information technology - security techniques - lightweight cryptography - part 2: Block ciphers (2011)Google Scholar
  17. 17.
    Knudsen, L.R.: Truncated and higher order differentials. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 196–211. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  18. 18.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  19. 19.
    Kohno, T., Kelsey, J., Schneier, B.: Preliminary cryptanalysis of reduced-round Serpent. In: AES Candidate Conference, pp. 195–211 (2000)Google Scholar
  20. 20.
    Makarim, R.H., Tezcan, C.: Relating undisturbed bits to other properties of substitution boxes. In: Eisenbarth and Öztürk [14], pp. 109–125Google Scholar
  21. 21.
    Matsui, M.: Linear cryptoanalysis method for DES cipher. In: Helleseth [15], pp. 386–397Google Scholar
  22. 22.
    McLaughlin, J., Clark, J.A.: Filtered nonlinear cryptanalysis of reduced-round serpent, and the wrong-key randomization hypothesis. In: Stam, M. (ed.) IMACC 2013. LNCS, vol. 8308, pp. 120–140. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  23. 23.
    Nguyen, P.H., Wu, H., Wang, H.: Improving the algorithm 2 in multidimensional linear cryptanalysis. In: Parampalli, U., Hawkes, P. (eds.) ACISP 2011. LNCS, vol. 6812, pp. 61–74. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  24. 24.
    Nyberg, K.: Differentially uniform mappings for cryptography. In: Helleseth [15], pp. 55–64Google Scholar
  25. 25.
    Prouff, E.: DPA attacks and S-boxes. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 424–441. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  26. 26.
    Selçuk, A.A.: On probability of success in linear and differential cryptanalysis. J. Cryptology 21(1), 131–147 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  27. 27.
    Tezcan, C.: The improbable differential attack: cryptanalysis of reduced round CLEFIA. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 197–209. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  28. 28.
    Tezcan, C.: Improbable differential attacks on PRESENT using undisturbed bits. J. Comput. Appl. Math. 259, Part B(0), 503–511 (2014)Google Scholar
  29. 29.
    Tezcan, C., Özbudak, F.: Differential factors: improved attacks on SERPENT. In: Eisenbarth and Öztürk [14], pp. 69–84Google Scholar
  30. 30.
    Tezcan, C., Taskin, H.K., Demircioglu, M.: Improbable differential attacks on serpent using undisturbed bits. In: Poet, R., Rajarajan, M. (eds.) Proceedings of the 7th International Conference on Security of Information and Networks, p. 145. ACM, New York (2014)Google Scholar
  31. 31.
    Wang, M.: Differential cryptanalysis of reduced-round PRESENT. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 40–49. Springer, Heidelberg (2008)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Department of MathematicsMiddle East Technical UniversityAnkaraTurkey
  2. 2.CYDES Laboratory, Department of Cyber Security, Institute of InformaticsMiddle East Technical UniversityAnkaraTurkey
  3. 3.Department of Cryptography, Institute of Applied MathematicsMiddle East Technical UniversityAnkaraTurkey

Personalised recommendations