Generic Framework for Key-Guessing Improvements

  • Conference paper
Advances in Cryptology – ASIACRYPT 2021 (ASIACRYPT 2021)

Abstract

We propose a general technique to improve the key-guessing step of several attacks on block ciphers. This is achieved by defining and studying some new properties of the associated S-boxes and by representing them as a special type of decision trees that are crucial for finding fine-grained guessing strategies for various attack vectors. We have proposed and implemented the algorithm that efficiently finds such trees, and use it for providing several applications of this approach, which include the best known attacks on Noekeon, GIFT, and RECTANGLE.


Notes

  1. https://github.com/rub-hgi/ConditionsLib.

  2. We use a slightly different definition of linear structures for vectorial Boolean functions which suits our purpose better than the original.

  3. For the sake of simplicity, we will consider in this section that key-guessing rounds are done in the beginning, but everything can be applied similarly in the last rounds.

  4. 128 operations per S-box layer or key addition, 64 operations per linear layer.

  5. A differential attack that requires less data is claimed by the authors of [1] thanks to a distinguisher that covers the same number of rounds with better probability. However, no description or time complexity of the attack was given and we could not verify it due to the large time complexity of the key-guessing phase. We believe that, with the techniques presented in this paper, it could be possible to make the attack work, but the time and memory complexity would still be much worse than the attack we present here.

References

  1. Ankele, R., Kölbl, S.: Mind the gap - a closer look at the security of block ciphers against differential cryptanalysis. In: Cid, C., Jacobson Jr., M. (eds.) SAC 2018. LNCS, vol. 11349, pp. 163–190. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-10970-7_8

  2. Banik, S., Pandey, S.K., Peyrin, T., Sasaki, Yu., Sim, S.M., Todo, Y.: GIFT: a small present - towards reaching the limit of lightweight encryption. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 321–345. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66787-4_16

  3. Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. In: Menezes, A.J., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-38424-3_1

  4. Blondeau, C., Gérard, B., Nyberg, K.: Multiple differential cryptanalysis using LLR and χ² statistics. In: Visconti, I., De Prisco, R. (eds.) SCN 2012. LNCS, vol. 7485, pp. 343–360. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32928-9_19

  5. Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74735-2_31

  6. Broll, M., et al.: Further improving differential-linear attacks: applications to Chaskey and Serpent. Cryptology ePrint Archive, Report 2021/820 (2021). https://ia.cr/2021/820

  7. Broll, M., Canale, F., Leander, G., Flórez-Gutiérrez, A., Naya-Plasencia, M.: Generic framework for key-guessing improvements. Cryptology ePrint Archive, Report 2021/1238 (2021). https://ia.cr/2021/1238

  8. Canteaut, A., Naya-Plasencia, M., Vayssière, B.: Sieve-in-the-middle: improved MITM attacks. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 222–240. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_13

  9. Collard, B., Standaert, F.-X., Quisquater, J.-J.: Improving the time complexity of Matsui's linear cryptanalysis. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 77–88. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-76788-6_7

  10. Daemen, J., Peeters, M., Van Assche, G., Rijmen, V.: The NOEKEON block cipher. NESSIE proposal (2000)

  11. Eichlseder, M., Kales, D.: Clustering related-tweak characteristics: application to MANTIS-6. IACR Trans. Symmetric Cryptol. 2018(2), 111–132 (2018)

  12. Evertse, J.-H.: Linear structures in blockciphers. In: Chaum, D., Price, W.L. (eds.) EUROCRYPT 1987. LNCS, vol. 304, pp. 249–266. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-39118-5_23

  13. Flórez-Gutiérrez, A., Naya-Plasencia, M.: Improving key-recovery in linear attacks: application to 28-round PRESENT. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 221–249. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_9

  14. Ji, F., Zhang, W., Zhou, C., Ding, T.: Improved (related-key) differential cryptanalysis on GIFT. IACR Cryptol. ePrint Arch. 2020, 1242 (2020). https://eprint.iacr.org/2020/1242

  15. Leurent, G.: Differential and linear cryptanalysis of ARX with partitioning - application to FEAL and Chaskey. IACR Cryptol. ePrint Arch. 2015, 968 (2015). http://eprint.iacr.org/2015/968

  16. Matsui, M.: The first experimental cryptanalysis of the Data Encryption Standard. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 1–11. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48658-5_1

  17. Matsui, M., Yamagishi, A.: A new method for known plaintext attack of FEAL cipher. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 81–91. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-47555-9_7

  18. O'Donnell, R.: Analysis of Boolean Functions. Cambridge University Press (2014)

  19. Shan, J., Hu, L., Song, L., Sun, S., Ma, X.: Related-key differential attack on round reduced RECTANGLE-80. IACR Cryptol. ePrint Arch. 2014, 986 (2014). http://eprint.iacr.org/2014/986

  20. Shpilka, A., Tal, A., Lee Volk, B.: On the structure of Boolean functions with small spectral norm. Comput. Complex. 26(1), 229–273 (2017)

  21. Sun, L., Wang, W., Wang, M.: Accelerating the search of differential and linear characteristics with the SAT method. IACR Trans. Symmetric Cryptol. 2021(1), 269–315 (2021)

  22. Zhang, W., Bao, Z., Lin, D., Rijmen, V., Yang, B., Verbauwhede, I.: RECTANGLE: a bit-slice lightweight block cipher suitable for multiple platforms. Sci. China Inf. Sci. 58(12), 1–15 (2015)

  23. Zhao, B., Dong, X., Jia, K.: New related-tweakey boomerang and rectangle attacks on Deoxys-BC including BDT effect. IACR Trans. Symmetric Cryptol. 2019(3), 121–151 (2019)


Acknowledgment

This work was partially funded by the DFG (German Research Foundation) under Germany's Excellence Strategy - EXC 2092 CASA - 390781972 and within the APLICA project. We would further like to thank Shahram Rasoolzadeh for his valuable support. This project has received funding from the European Research Council (ERC) under the European Union's Horizon 2020 research and innovation programme (grant agreement no. 714294 - acronym QUASYModo).

Author information

Correspondence to Marek Broll, Federico Canale, Antonio Flórez-Gutiérrez, Gregor Leander or María Naya-Plasencia.


Copyright information

© 2021 International Association for Cryptologic Research

About this paper


Cite this paper

Broll, M., Canale, F., Flórez-Gutiérrez, A., Leander, G., Naya-Plasencia, M. (2021). Generic Framework for Key-Guessing Improvements. In: Tibouchi, M., Wang, H. (eds) Advances in Cryptology – ASIACRYPT 2021. ASIACRYPT 2021. Lecture Notes in Computer Science(), vol 13090. Springer, Cham. https://doi.org/10.1007/978-3-030-92062-3_16


  • DOI: https://doi.org/10.1007/978-3-030-92062-3_16


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-92061-6

  • Online ISBN: 978-3-030-92062-3
