Linear cryptanalysis of reduced-round SPECK

SPECK is a family of lightweight block ciphers proposed by the United States National Security Agency and designed for optimal performance in software. This paper evaluates the security of SPECK against linear cryptanalysis and presents 9-, 10-, 12-, 15- and 16-round linear approximations for the block sizes of 32, 48, 64, 96 and 128 bits, respectively. A partial linear mask table (pLMT) is used instead of the full linear mask table (LMT) to speed up the search. Storing the pLMT in a red-black tree reduces the search time, and combining Segment Searching with a branch-and-bound method reduces it further. For the 48-, 96- and 128-bit versions, the linear approximations are 1, 9 and 10 rounds longer than those of the previous linear cryptanalysis. For SPECK64 the correlation of the linear approximation is twice that of the previous linear cryptanalysis. As a result, we improve on the previous linear cryptanalysis, with the most pronounced gain for block lengths of 96 and 128 bits. In particular, for SPECK96/144, SPECK128/192 and SPECK128/256 we can attack the same number of rounds as the best previous attacks.

Highlights:
A new search method for linear approximations of the SPECK family.
The best known linear approximations of the SPECK family.
The best linear attack on SPECK96 and SPECK128.
The same number of rounds on SPECK96 and SPECK128 as the best key-recovery attack.
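The linear mask table the abstract refers to records, for each output mask of modular addition, the correlation of every input-mask pair; a partial LMT keeps only the entries whose correlation is large enough to be useful in a trail search. The following is an added illustration, not code from the paper: it builds the table for a small word size by exhaustive enumeration (the paper's construction and its red-black-tree storage are not reproduced here; the word size `n`, the threshold `min_abs_corr` and all function names are assumptions made for this example). Modular addition is the only non-linear operation in the SPECK round function, so its correlation table is where any linear trail search for SPECK starts.

```python
# Added example: linear mask table of n-bit modular addition by exhaustive enumeration.
# Word size and threshold are illustrative choices (n = 4 keeps 2^(2n) = 256 inputs per entry).

def parity(v: int) -> int:
    """Parity of the bits of v, i.e. the GF(2) inner product once v = mask & value."""
    return bin(v).count("1") & 1


def addition_correlation(alpha: int, beta: int, gamma: int, n: int) -> float:
    """Correlation of the approximation  alpha.x ^ beta.y = gamma.((x + y) mod 2^n).

    Returns (#agreements - #disagreements) / 2^(2n), in [-1, 1]; 0 means no bias.
    Exhaustive over all inputs, so only practical for small n.
    """
    mask = (1 << n) - 1
    agree = 0
    for x in range(1 << n):
        for y in range(1 << n):
            z = (x + y) & mask
            if parity(alpha & x) ^ parity(beta & y) ^ parity(gamma & z) == 0:
                agree += 1
    total = 1 << (2 * n)
    return (2 * agree - total) / total


def partial_lmt(gamma: int, n: int, min_abs_corr: float) -> dict:
    """Partial LMT row for output mask gamma: the (alpha, beta) input-mask pairs whose
    absolute correlation is at least min_abs_corr, mapped to their signed correlation.

    A full LMT keeps all 2^(2n) pairs per gamma; pruning by threshold is what makes the
    table small enough to store and search, at the cost of discarding weak approximations.
    """
    row = {}
    for alpha in range(1 << n):
        for beta in range(1 << n):
            c = addition_correlation(alpha, beta, gamma, n)
            if abs(c) >= min_abs_corr:
                row[(alpha, beta)] = c
    return row


if __name__ == "__main__":
    n = 4
    # Bit 0 of a sum has no carry-in, so x0 ^ y0 = z0 holds with certainty.
    print(addition_correlation(1, 1, 1, n))        # 1.0
    # Bit 1 absorbs the carry x0 & y0, which is zero three times in four.
    print(addition_correlation(2, 2, 2, n))        # 0.5
    for (a, b), c in sorted(partial_lmt(2, n, 0.5).items()):
        print(f"alpha={a:0{n}b} beta={b:0{n}b} gamma={2:0{n}b} corr={c:+.3f}")
```

Running the block lists the four input-mask pairs for output mask `0010` that reach correlation magnitude 1/2; every other pair is zero, which is exactly the sparsity a partial LMT exploits.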
