A Higher Order Key Partitioning Attack with Application to LBlock

In this paper, we present a higher order key partitioning meet-in-the-middle attack. Our attack is inspired by biclique cryptanalysis combined with higher order partitioning of the key. More precisely, we employ more than two equally sized disjoint sets of the key and drop the restrictions on the key partitioning process that are required for building the initial biclique structure. In other words, we start the recomputation phase of the attack from the input plaintext directly, which can be regarded as a meet-in-the-middle attack in which the tested keys have a predefined relation. Applying our approach to LBlock allows us to present a known plaintext attack on the full thirty-two-round cipher with time complexity of 2^78.338 and negligible memory requirements. The data complexity of the attack is two plaintext-ciphertext pairs, which is the minimum theoretical data requirement attributed to the unicity distance of the cipher. Surprisingly, our results on the full LBlock are better, in terms of both computational and data complexity, than the results of its biclique cryptanalysis.
