Extension of Meet-in-the-Middle Technique for Truncated Differential and Its Application to RoadRunneR

  • Qianqian Yang
  • Lei HuEmail author
  • Siwei Sun
  • Ling Song
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9955)


In the FSE 2015 conference, Li et al. introduced a new method to construct differential characteristics of block ciphers by exploiting the meet-in-the-middle like technique. Inspired by the method, in this paper we obtain general results on truncated differential characteristics of block ciphers with Feistel structure. Applying the result to RoadRunneR, which is a fast bit-slice lightweight block cipher proposed in the LightSec 2015 conference for low cost 8-bit processors, we find 5-round truncated differential characteristics with probability \(2^{-56}\). Using the truncated differential characteristics, we present a attack on 7-round RoadRunneR-128 without whitening keys, with data complexity of \(2^{55}\) chosen plaintexts, time complexity of \(2^{121}\) encryptions, and memory complexity of \(2^{68}\). This is the currently best known attack on RoadRunneR block cipher.


Truncated differential Meet-in-the-middle technique Lightweight block cipher RoadRunneR 



The authors would like to thank anonymous reviewers for their helpful comments and suggestions. The work of this paper was supported by the National Key Basic Research Program of China (2013CB834203), the National Natural Science Foundation of China (Grants 61472417, 61402469 and 61472415), the Strategic Priority Research Program of Chinese Academy of Sciences under Grant XDA06010702, and the State Key Laboratory of Information Security, Chinese Academy of Sciences.


  1. 1.
    Albrecht, M.R., Driessen, B., Kavun, E.B., Leander, G., Paar, C., Yalçın, T.: Block ciphers – focus on the linear layer (feat. PRIDE). In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, pp. 57–76. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44371-2_4 CrossRefGoogle Scholar
  2. 2.
    Baysal, A., Sahin, S.: Roadrunner: a small and fast bitslice block cipher for low cost 8-bit processors. Technical report, IACR Cryptology ePrint Archive, 2015: 906 (2015)Google Scholar
  3. 3.
    Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK families of lightweight block ciphers. Cryptology ePrint Archive (2013).
  4. 4.
    Biham, E.: New types of cryptanalytic attacks using related keys. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 398–409. Springer, Heidelberg (1994). doi: 10.1007/3-540-48285-7_34 CrossRefGoogle Scholar
  5. 5.
    Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. J. Cryptology 4(1), 3–72 (1991)MathSciNetCrossRefzbMATHGoogle Scholar
  6. 6.
    Biryukov, A.: Impossible Differential Attack. In: Encyclopedia of Cryptography and Security. pp. 597–597. Springer, Heidelberg (2011)Google Scholar
  7. 7.
    Blondeau, C.: Improbable differential from impossible differential: on the validity of the model. In: Paul, G., Vaudenay, S. (eds.) INDOCRYPT 2013. LNCS, pp. 149–160. Springer, Heidelberg (2013). doi: 10.1007/978-3-319-03515-4_10 CrossRefGoogle Scholar
  8. 8.
    Blondeau, C., Gérard, B.: Multiple differential cryptanalysis: theory and practice. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 35–54. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-21702-9_3 CrossRefGoogle Scholar
  9. 9.
    Bogdanov, A.A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-74735-2_31 CrossRefGoogle Scholar
  10. 10.
    Borghoff, J., et al.: PRINCE – a low-latency block cipher for pervasive computing applications. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, pp. 208–225. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-34961-4_14 CrossRefGoogle Scholar
  11. 11.
    Crowley, P.: Truncated differential cryptanalysis of five rounds of salsa20. In: The State of the Art of Stream Ciphers SASC 2006, 198–202 (2006)Google Scholar
  12. 12.
    Daemen, J., Peeters, M., Van Assche, G., Rijmen, V.: Nessie proposal: noekeon. In: First Open NESSIE Workshop, pp. 213–230 (2000)Google Scholar
  13. 13.
    Grosso, V., Leurent, G., Standaert, F.-X., Varıcı, K.: LS-designs: bitslice encryption for efficient masked software implementations. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, pp. 18–37. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46706-0_2 Google Scholar
  14. 14.
    Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.: The LED block cipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 326–341. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-23951-9_22 CrossRefGoogle Scholar
  15. 15.
    Kim, J., Hong, S., Lee, S., Song, J., Yang, H.: Truncated differential attacks on 8-round CRYPTON. In: Lim, J.-I., Lee, D.-H. (eds.) ICISC 2003. LNCS, pp. 446–456. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-24691-6_33 CrossRefGoogle Scholar
  16. 16.
    Knudsen, L.R.: Truncated and higher order differentials. In: Preneel, B. (ed.) FSE 1994. LNCS, pp. 196–211. Springer, Heidelberg (1995). doi: 10.1007/3-540-60590-8_16 CrossRefGoogle Scholar
  17. 17.
    Knudsen, L.R., Berson, T.A.: Truncated differentials of SAFER. In: Gollmann, D. (ed.) FSE 1996. LNCS, pp. 15–26. Springer, Heidelberg (1996). doi: 10.1007/3-540-60865-6_38 CrossRefGoogle Scholar
  18. 18.
    Knudsen, L.R., Rijmen, V.: Truncated differentials of idea. Department of Electrical Engineering, ESAT-COSIC Technical report 97 1 (1997)Google Scholar
  19. 19.
    Knudsen, L.R., Robshaw, M.J.B., Wagner, D.: Truncated differentials and skipjack. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, pp. 165–180. Springer, Heidelberg (1999). doi: 10.1007/3-540-48405-1_11 Google Scholar
  20. 20.
    Lee, S., Hong, S., Lee, S., Lim, J., Yoon, S.: Truncated differential cryptanalysis of camellia. In: Kim, K. (ed.) ICISC 2001. LNCS, pp. 32–38. Springer, Heidelberg (2002). doi: 10.1007/3-540-45861-1_3 CrossRefGoogle Scholar
  21. 21.
    Li, L., Jia, K., Wang, X., Dong, X.: Meet-in-the-middle technique for truncated differential and its applications to CLEFIA and camellia. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 48–70. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48116-5_3 CrossRefGoogle Scholar
  22. 22.
    Moriai, S., Sugita, M., Aoki, K., Kanda, M.: Security of E2 against truncated differential cryptanalysis. In: Heys, H., Adams, C. (eds.) SAC 1999. LNCS, pp. 106–117. Springer, Heidelberg (2000). doi: 10.1007/3-540-46513-8_8 CrossRefGoogle Scholar
  23. 23.
    Mouha, N., Wang, Q., Gu, D., Preneel, B.: Differential and linear cryptanalysis using mixed-integer linear programming. In: Wu, C.-K., Yung, M., Lin, D. (eds.) Inscrypt 2011. LNCS, pp. 57–76. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-34704-7_5 CrossRefGoogle Scholar
  24. 24.
    Standaert, F.-X., Piret, G., Gershenfeld, N., Quisquater, J.-J.: SEA: a scalable encryption algorithm for small embedded applications. In: Domingo-Ferrer, J., Posegga, J., Schreckling, D. (eds.) CARDIS 2006. LNCS, vol. 3928, pp. 222–236. Springer, Heidelberg (2006). doi: 10.1007/11733447_16 CrossRefGoogle Scholar
  25. 25.
    Sugita, M., Kobara, K., Imai, H.: Security of reduced version of the block cipher camellia against truncated and impossible differential cryptanalysis. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, pp. 193–207. Springer, Heidelberg (2001). doi: 10.1007/3-540-45682-1_12 CrossRefGoogle Scholar
  26. 26.
    Sun, S., Hu, L., Wang, M., Wang, P., Qiao, K., Ma, X., Shi, D., Song, L.: Automatic enumeration of (related-key) differential and linear characteristics with predefined properties and its applications. In: IACR Cryptology ePrint Archive 2014, 747 (2014)Google Scholar
  27. 27.
    Sun, S., Hu, L., Wang, P., Qiao, K., Ma, X., Song, L.: Automatic security evaluation and (Related-key) differential characteristic search: application to SIMON, PRESENT, LBlock, DES(L) and other bit-oriented block ciphers. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, pp. 158–178. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-45611-8_9 Google Scholar
  28. 28.
    Wagner, D.: The boomerang attack. In: Knudsen, L. (ed.) FSE 1999. LNCS, pp. 156–170. Springer, Heidelberg (1999). doi: 10.1007/3-540-48519-8_12 CrossRefGoogle Scholar
  29. 29.
    Wu, W., Zhang, L.: LBlock: a lightweight block cipher. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 327–344. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-21554-4_19 CrossRefGoogle Scholar
  30. 30.
    Zhang, W., Bao, Z., Lin, D., Rijmen, V., Yang, B., Verbauwhede, I.: Rectangle: a bit-slice lightweight block cipher suitable for multiple platforms. Sci. China Inform. Sci. 58(12), 1–15 (2015)Google Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Qianqian Yang
    • 1
    • 2
    • 3
  • Lei Hu
    • 1
    • 2
    Email author
  • Siwei Sun
    • 1
    • 2
  • Ling Song
    • 1
    • 2
  1. 1.State Key Laboratory of Information Security, Institute of Information EngineeringChinese Academy of SciencesBeijingChina
  2. 2.Data Assurance and Communication Security Research CenterChinese Academy of SciencesBeijingChina
  3. 3.University of Chinese Academy of SciencesBeijingChina

Personalised recommendations