Integral Attacks on Reduced-Round PRESENT

The integral attack is a powerful technique for recovering the secret key of a block cipher. It usually exploits the fact that, over a set of chosen plaintexts, specific parts of the output after several rounds of encryption have a zero-sum property. At FSE 2008, the bit-based integral attack proposed by Z'aba et al. showed that integral attacks are not only suitable for byte-based block ciphers but can also be applied to bit-based block ciphers. In this work, we show that integral attacks against bit-based block ciphers can be improved not only by the theory of higher-order differential attacks but also by using specific algebraic properties of Sboxes; moreover, the order of the plaintexts in a set, which is important in the bit-based integral attack, is not required here. We focus on the block cipher PRESENT. Based on some algebraic properties of its Sbox, we propose two integral distinguishers: a 5 round (4-th order) integral distinguisher and a 7 round (16-th order) integral distinguisher, which can be used to attack 10 (out of 31) rounds of PRESENT. As far as we know, this is the first time that a 7 round integral distinguisher for PRESENT has been reported. The algebraic techniques used in this paper may also be applied to other block ciphers to improve their known integral attacks.
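As an added illustration (this is not code from the paper), the block below implements PRESENT-80 and checks the zero-sum property the abstract refers to: over 16 chosen plaintexts that take all values in one input nibble (a 4th-order set), the XOR-sum of the 3-round output is zero for every key, because after two rounds every state bit is an affine function of the four active bits and the coordinates of any 4-bit permutation have algebraic degree at most 3. The base plaintext, active nibble and round count are assumptions made here; the paper's 5- and 7-round distinguishers rely on the Sbox properties it develops and are not reproduced.

```python
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
MASK80 = (1 << 80) - 1

def sbox_layer(state):
    """Apply the 4-bit Sbox to each of the 16 nibbles of the 64-bit state."""
    out = 0
    for i in range(16):
        out |= SBOX[(state >> (4 * i)) & 0xF] << (4 * i)
    return out

def p_layer(state):
    """Bit permutation: bit i moves to position 16*i mod 63 (bit 63 stays)."""
    out = 0
    for i in range(64):
        if (state >> i) & 1:
            out |= 1 << ((i // 4) + (i % 4) * 16)
    return out

def round_keys(key80, rounds):
    """PRESENT-80 key schedule: rounds+1 subkeys, the last is the final whitening."""
    keys, k = [], key80
    for r in range(1, rounds + 2):
        keys.append(k >> 16)                                # leftmost 64 bits
        k = ((k << 61) | (k >> 19)) & MASK80                # rotate left by 61
        k = (k & ((1 << 76) - 1)) | (SBOX[k >> 76] << 76)  # Sbox on top nibble
        k ^= r << 15                                        # counter into bits 19..15
    return keys

def encrypt(pt, key80, rounds=31):
    """Reduced-round PRESENT-80: `rounds` full rounds plus the final key addition."""
    ks = round_keys(key80, rounds)
    s = pt
    for r in range(rounds):
        s = p_layer(sbox_layer(s ^ ks[r]))
    return s ^ ks[rounds]

def integral_sum(rounds, key80, base_pt=0x0123456789ABCDEF, active_nibble=0):
    """XOR-sum of the reduced-round outputs over the 16 plaintexts that take all
    values in one nibble (a constructed 4th-order set); 0 means every output
    bit is balanced, i.e. the zero-sum property of an integral distinguisher."""
    acc = 0
    for v in range(16):
        pt = (base_pt & ~(0xF << (4 * active_nibble))) | (v << (4 * active_nibble))
        acc ^= encrypt(pt, key80, rounds)
    return acc
```

The two full-cipher test vectors from the PRESENT specification (all-zero key and plaintext, and all-ones key with all-zero plaintext) can be used to confirm the implementation before trusting the integral check.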
