New Slide Attacks on Almost Self-Similar Ciphers

The slide attack is a powerful cryptanalytic tool which can break iterated block ciphers with a complexity that does not depend on their number of rounds. However, it requires complete self-similarity, in the sense that all the rounds must be identical. While this can be the case in Feistel structures, it rarely happens in SP networks, since the last round must end with an additional post-whitening subkey. In addition, in many SP networks the final round has additional asymmetries – for example, in AES the last round omits the MixColumns operation. Such asymmetry in the last round can make it difficult to utilize most of the advanced tools which were developed for slide attacks, such as deriving additional slid pairs from one slid pair by repeatedly re-encrypting their ciphertexts. Consequently, almost all the successful applications of slide attacks against real cryptosystems (e.g., FF3, GOST, SHACAL-1) targeted Feistel structures rather than SP networks.
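The obstacle described above, shown as an added example that is not taken from the paper: a constructed 8-bit toy SP cipher in which re-encrypting the ciphertexts of a slid pair keeps producing slid pairs when all rounds are identical, but stops doing so once a post-whitening key is appended. The cipher, the keys `K` and `KW`, the round count and all function names are assumptions made for illustration.

```python
# Toy 8-bit SP cipher, constructed for illustration (not a cipher from the paper).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]  # PRESENT 4-bit S-box
K, KW, ROUNDS = 0x3C, 0x5A, 8  # round key, post-whitening key, rounds (arbitrary)

def F(x):
    """One round: key addition, S-box on both nibbles, rotate left by 3 bits."""
    x ^= K
    x = (SBOX[x >> 4] << 4) | SBOX[x & 0xF]
    return ((x << 3) | (x >> 5)) & 0xFF

def encrypt_plain(x):
    """Fully self-similar: ROUNDS identical rounds and nothing else."""
    for _ in range(ROUNDS):
        x = F(x)
    return x

def encrypt_whitened(x):
    """Almost self-similar: the same rounds followed by a post-whitening key."""
    return encrypt_plain(x) ^ KW

def chain_length(encrypt, p, steps=4):
    """Count how many pairs in the re-encryption chain of (p, F(p)) are slid pairs.

    A pair (a, b) is slid when b == F(a). The chain is (p, F(p)), then the
    encryptions of both halves, then the encryptions of those, and so on.
    """
    left, right = p, F(p)
    for n in range(steps):
        if right != F(left):
            return n
        left, right = encrypt(left), encrypt(right)
    return steps

def whitened_relation_holds(p):
    """With whitening, a slid pair gives C' ^ KW == F(C ^ KW): KW enters the relation."""
    c, c2 = encrypt_whitened(p), encrypt_whitened(F(p))
    return (c2 ^ KW) == F(c ^ KW)

if __name__ == "__main__":
    print("plain chain lengths   :", {chain_length(encrypt_plain, p) for p in range(256)})
    print("whitened chain lengths:", {chain_length(encrypt_whitened, p) for p in range(256)})
    print("whitened relation     :", all(whitened_relation_holds(p) for p in range(256)))
```

In the whitened variant the ciphertext pair still satisfies a relation, but one that involves the unknown `KW`, so the ciphertexts are no longer a slid pair that can be fed back into the cipher.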
