论文信息 - Cryptanalysis of PRESENT-like ciphers with secret S-boxes

Cryptanalysis of PRESENT-like ciphers with secret S-boxes

At Eurocrypt 2001, Biryukov and Shamir investigated the security of AES-like ciphers where the substitutions and affine transformations are all key-dependent and successfully cryptanalysed two and a half rounds. This paper considers PRESENT-like ciphers in a similar manner. We focus on the settings where the S-boxes are key dependent, and repeated for every round. We break one particular variant which was proposed in 2009 with practical complexity in a chosen plaintext/chosen ciphertext scenario. Extrapolating these results suggests that up to 28 rounds of such ciphers can be broken. Furthermore, we outline how our attack strategy can be applied to an extreme case where the S-boxes are chosen uniformly at random for each round and where the bit permutation is secret as well.

[1] Serge Vaudenay,et al. On the Weak Keys of Blowfish , 1996, FSE.

[2] Ralph C. Merkle,et al. Fast Software Encryption Functions , 1990, CRYPTO.

[3] Joo Yeon Cho,et al. Linear Cryptanalysis of Reduced-Round PRESENT , 2010, CT-RSA.

[4] Ruby B. Lee,et al. Maya: A Novel Block Encryption Function , 2009 .

[5] Alex Biryukov,et al. Structural Cryptanalysis of SASAS , 2001, Journal of Cryptology.

[6] Johann Großschädl,et al. Cryptographic Hardware and Embedded Systems --- CHES 2007 , 2007 .

[7] Bruce Schneier,et al. Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish) , 1993, FSE.

[8] Andrey Bogdanov,et al. PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[9] Henri Gilbert,et al. A Chosen Plaintext Attack of the 16-round Khufu Cryptosystem , 1994, CRYPTO.

[10] Lars R. Knudsen,et al. Cryptanalysis of C2 , 2009, CRYPTO.

[11] William Feller,et al. An Introduction to Probability Theory and Its Applications , 1967 .

[12] G. Gonnet,et al. On Lambert's W Function , 1993 .

[13] Eli Biham,et al. How to Strengthen DES Using Existing Hardware , 1994, ASIACRYPT.