Security Analysis of PRINCE

  • Jérémy Jean
  • Ivica Nikolić
  • Thomas Peyrin
  • Lei Wang
  • Shuang Wu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8424)


In this article, we provide the first third-party security analysis of the PRINCE lightweight block cipher, and the underlying \(\mathtt{PRINCE}_{core}\). First, while no claim was made by the authors regarding related-key attacks, we show that one can attack the full cipher with only a single pair of related keys, and then reuse the same idea to derive an attack in the single-key model for the full \(\mathtt{PRINCE}_{core}\) for several instances of the \(\alpha \) parameter (yet not the one randomly chosen by the designers). We also show how to exploit the structural linear relations that exist for PRINCE in order to obtain a key recovery attack that slightly breaks the security claims for the full cipher. We analyze the application of integral attacks to get the best known key-recovery attack on a reduced version of the PRINCE cipher. Finally, we provide time-memory-data tradeoffs that require only known plaintext-ciphertext data and that can be applied to full PRINCE.


PRINCE Block cipher Cryptanalysis Related-key boomerang Time-memory-data tradeoff 



The authors would like to thank the FSE 2013 reviewers and the PRINCE team for their valuable comments. Ivica Nikolić is supported by the Singapore National Research Foundation under Research Grant NRF-CRP2-2007-03. Thomas Peyrin, Lei Wang and Shuang Wu are supported by the Singapore National Research Foundation Fellowship 2012 NRF-NRFF2012-06.


  1. 1.
    Babbage, S.: A space/time trade-off in exhaustive search attacks on stream ciphers. In: European Convention on Security and Detection, IEE Conference Publication No. 408 (1995)Google Scholar
  2. 2.
    Biryukov, A.: DES-X (or DESX). In: van Tilborg, H.C.A., Jajodia, S. (eds.) Encyclopedia of Cryptography and Security, 2nd edn, p. 331. Springer, New York (2011) Google Scholar
  3. 3.
    Bogdanov, A., Khovratovich, D., Rechberger, C.: Biclique cryptanalysis of the full AES. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 344–371. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  4. 4.
    Borghoff, J., et al.: PRINCE – a low-latency block cipher for pervasive computing applications. In: Sako, K., Wang, X. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 208–225. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  5. 5.
    Daemen, J., Knudsen, L.R., Rijmen, V.: The block cipher SQUARE. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997) CrossRefGoogle Scholar
  6. 6.
    Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer, New York (2002)CrossRefGoogle Scholar
  7. 7.
    Dunkelman, O., Keller, N., Shamir, A.: Minimalism in cryptography: the even-mansour scheme revisited. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 336–354. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  8. 8.
    Golić, J.D.: Cryptanalysis of alleged A5 stream cipher. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 239–255. Springer, Heidelberg (1997) CrossRefGoogle Scholar
  9. 9.
    Hellman, M.E.: A cryptanalytic time-memory trade-off. IEEE Trans. Inf. Theory 26(4), 401–406 (1980)CrossRefMATHMathSciNetGoogle Scholar
  10. 10.
    Kilian, J., Rogaway, P.: How to protect DES against exhaustive key search (an analysis of DESX). J. Cryptology 14(1), 17–35 (2001)CrossRefMATHMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Jérémy Jean
    • 1
  • Ivica Nikolić
    • 2
  • Thomas Peyrin
    • 2
  • Lei Wang
    • 2
  • Shuang Wu
    • 2
  1. 1.École Normale SupérieureParisFrance
  2. 2.Division of Mathematical Sciences, School of Physical and Mathematical SciencesNanyang Technological UniversitySingaporeSingapore

Personalised recommendations