A Model for Structure Attacks, with Applications to PRESENT and Serpent

  • Meiqin Wang
  • Yue Sun
  • Elmar Tischhauser
  • Bart Preneel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7549)


Differential cryptanalysis is a classic cryptanalytic method for block ciphers, hash functions and stream ciphers, and many extensions and refinements of it have been developed. In this paper, we focus on the use of so-called structures in differential attacks, i.e. the use of multiple input differences together with one output difference. We give a general model and complexity analysis for structure attacks and show how to choose the set of differentials so as to minimize the time and data complexities. Since structure attacks are a subclass of multiple differential attacks, they can also be analyzed in the model of Blondeau et al. from FSE 2011. In that very general model, a restrictive condition on the set of input differences is required for the complexity analysis. We demonstrate that in our dedicated model for structure attacks this condition can be relaxed, which allows us to consider a wider range of differentials. Finally, we point out an inconsistency in the FSE 2011 attack on 18 rounds of the block cipher PRESENT, use our model for structure attacks to attack 18-round PRESENT, and improve the previous structure attacks on 7-round and 8-round Serpent. To the best of our knowledge, these attacks are the best known differential attacks on these two block ciphers.
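To make the notion of a structure concrete, the following is an added illustration in Python (my own code, not code from the paper or its authors) of how one set of chosen plaintexts serves several input differences at once. The 16-bit block size and the example differences are constructed for illustration; the "wasted pairs" accounting is the elementary caveat that a structure also produces pairs for every difference in the XOR-span that the attacker did not ask for, and is not a restatement of the paper's complexity model.

```python
# Added example (not from the paper): how a structure amortizes chosen
# plaintexts over a set of input differences. Block size and the example
# differences are constructed for illustration.
from collections import Counter
from itertools import combinations


def gf2_span(diffs):
    """Linear span over GF(2) (XOR-closure, including 0) of the given differences."""
    span = {0}
    for d in diffs:
        if d not in span:  # a new independent direction doubles the span
            span |= {v ^ d for v in span}
    return span


def build_structure(base, diffs):
    """A structure is the coset base + span(diffs): every pair inside it has a
    difference lying in the span, so one set of N plaintexts yields N/2 pairs
    for every nonzero difference in that span simultaneously."""
    return sorted(base ^ v for v in gf2_span(diffs))


def count_pairs(structure, diffs):
    """Per-difference count of unordered pairs whose XOR is one of the chosen
    input differences, plus the number of pairs whose XOR is a difference in
    the span that was not asked for (pairs that only cost filtering time)."""
    wanted = set(diffs)
    counts, wasted = Counter(), 0
    for x, y in combinations(structure, 2):
        d = x ^ y
        if d in wanted:
            counts[d] += 1
        else:
            wasted += 1
    return counts, wasted


def structure_stats(diffs, base=0):
    """Summarize the data/time trade-off of using one structure for `diffs`."""
    if any(d == 0 for d in diffs):
        raise ValueError("input differences must be nonzero")
    structure = build_structure(base, diffs)
    counts, wasted = count_pairs(structure, diffs)
    n = len(structure)
    useful = sum(counts.values())
    # Without structures, n/2 pairs for each of |D| differences would need
    # n*|D| chosen plaintexts; the structure delivers them with n plaintexts.
    return {
        "plaintexts": n,
        "pairs_per_difference": n // 2,
        "useful_pairs": useful,
        "wasted_pairs": wasted,
        "data_saving_factor": len(set(diffs)),
        "wasted_fraction": wasted / (useful + wasted),
    }


if __name__ == "__main__":
    # Constructed example: four 16-bit input differences spanning a 3-dimensional space.
    D = [0x0001, 0x0010, 0x0011, 0x0100]
    print(structure_stats(D, base=0x1234))
    # A set that contains every nonzero vector of its span wastes no pairs.
    print(structure_stats([v for v in gf2_span(D) if v], base=0x1234))
```

The two printed cases show the trade-off the abstract refers to: a structure built from differences that are not closed under XOR still costs only one set of plaintexts, but a growing fraction of its pairs lands on differences that no chosen differential covers and must be filtered out, which is why the choice of the difference set matters for both data and time complexity.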


Keywords: Structure Attack, Block Cipher, Differential, PRESENT, Serpent


References

  1. Anderson, R., Biham, E., Knudsen, L.R.: A Proposal for the Advanced Encryption Standard. NIST AES proposal (1998)
  2. Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. Journal of Cryptology 4(1), 3–72 (1991)
  3. Biham, E., Dunkelman, O., Keller, N.: The Rectangle Attack - Rectangling the Serpent. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 340–357. Springer, Heidelberg (2001)
  4. Blondeau, C., Gérard, B.: Multiple Differential Cryptanalysis: Theory and Practice. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 35–54. Springer, Heidelberg (2011)
  5. Blondeau, C., Gérard, B.: Private communication: The 561 Differentials (2011)
  6. Blondeau, C., Gérard, B.: Multiple Differential Cryptanalysis: Theory and Practice (Corrected). Cryptology ePrint Archive, Report 2011/115
  7. Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)
  8. Cho, J.: Linear Cryptanalysis of Reduced-Round PRESENT. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 302–317. Springer, Heidelberg (2010)
  9. Collard, B., Standaert, F.-X.: A Statistical Saturation Attack against the Block Cipher PRESENT. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 195–210. Springer, Heidelberg (2009)
  10. Daemen, J., Rijmen, V.: Probability distributions of correlations and differentials in block ciphers. Journal of Mathematical Cryptology 1(3), 221–242 (2007)
  11. Daemen, J., Rijmen, V.: Probability distributions of Correlation and Differentials in Block Ciphers (2005)
  12. Dunkelman, O., Indesteege, S., Keller, N.: A Differential-Linear Attack on 12-Round Serpent. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 308–321. Springer, Heidelberg (2008)
  13. Lai, X., Massey, J.L.: Markov Ciphers and Differential Cryptanalysis. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 17–38. Springer, Heidelberg (1991)
  14. Leander, G.: Small scale variants of the block cipher PRESENT. Cryptology ePrint Archive, Report 2010/143 (2010)
  15. Matsui, M., Nakajima, J.: On the Power of Bitslice Implementation on Intel Core2 Processor. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 121–134. Springer, Heidelberg (2007)
  16. Nakahara Jr., J., Sepehrdad, P., Zhang, B., Wang, M.: Linear (Hull) and Algebraic Cryptanalysis of the Block Cipher PRESENT. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 58–75. Springer, Heidelberg (2009)
  17. Ohkuma, K.: Weak Keys of Reduced-Round PRESENT for Linear Cryptanalysis. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 249–265. Springer, Heidelberg (2009)
  18. Selçuk, A.A., Biçak, A.: On Probability of Success in Linear and Differential Cryptanalysis. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 174–185. Springer, Heidelberg (2003)
  19. Selçuk, A.A.: On Probability of Success in Linear and Differential Cryptanalysis. Journal of Cryptology 21(1), 131–147 (2008)
  20. Wang, M.: Differential Cryptanalysis of Reduced-Round PRESENT. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 40–49. Springer, Heidelberg (2008)

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Meiqin Wang (1, 2, 3)
  • Yue Sun (4)
  • Elmar Tischhauser (2, 3)
  • Bart Preneel (2, 3)

  1. Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China
  2. Department of Electrical Engineering ESAT/SCD-COSIC, Katholieke Universiteit Leuven, Heverlee, Belgium
  3. Interdisciplinary Institute for BroadBand Technology (IBBT), Belgium
  4. Institute for Advanced Study, Tsinghua University, Beijing, China
