Cryptanalysis of Some Lightweight Symmetric Ciphers

In recent years, the need for lightweight encryption systems has been increasing, as many applications use RFID and sensor networks that have very low computational power and are therefore incapable of performing standard cryptographic operations. In response to this problem, the cryptographic community has designed a number of lightweight cryptographic primitives, ranging from stream ciphers and block ciphers to, more recently, hash functions. Among these many lightweight primitives, the block cipher PRESENT has received a great deal of attention from the cryptographic community and has recently been adopted by ISO as one of the international standards in lightweight cryptography. This thesis aims at analyzing and evaluating the security of some of the recently proposed lightweight symmetric ciphers, with a focus on PRESENT-like ciphers, namely the block cipher PRESENT and the block cipher PRINTcipher. We provide an approach to estimate the probability of differential and linear approximations with low-weight differential and linear characteristics on PRESENT-like ciphers, as well as on other ciphers that admit low-Hamming-weight differential and linear characteristics. We study the effect of the key schedule on the distribution of linear approximations using a variant of PRESENT with identical round keys. We propose a new attack, named the Invariant Subspace Attack, which was specifically mounted against the lightweight block cipher PRINTcipher. Furthermore, we mount several attacks on a recently proposed stream cipher called A2U2.
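The S-box-level analysis on which low-weight differential and linear characteristics rest, as an added example (this is not code from the thesis, and its function names are this example's own): it computes the difference distribution table and the Walsh spectrum of the published PRESENT S-box, checks the designers' low-weight criteria (a single-bit input difference never yields a single-bit output difference; single-bit linear masks have correlation at most 1/4), and estimates the probability of a characteristic by multiplying per-S-box transition probabilities under the usual independence assumption.

```python
from math import log2

# Published PRESENT 4-bit S-box (Bogdanov et al., CHES 2007).
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def hamming_weight(v):
    return bin(v).count("1")


def ddt(sbox):
    """Difference distribution table: T[din][dout] = #{x : S(x) ^ S(x ^ din) = dout}."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for din in range(n):
        for x in range(n):
            table[din][sbox[x] ^ sbox[x ^ din]] += 1
    return table


def walsh_table(sbox):
    """Walsh spectrum W[a][b] = sum_x (-1)^(a.x xor b.S(x)); the correlation is W / n."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for a in range(n):
        for b in range(n):
            acc = 0
            for x in range(n):
                parity = hamming_weight((a & x) ^ (b & sbox[x])) & 1
                acc += -1 if parity else 1
            table[a][b] = acc
    return table


def max_diff_count(table):
    """Largest DDT entry over nonzero input differences (differential uniformity)."""
    n = len(table)
    return max(table[d][o] for d in range(1, n) for o in range(n))


def min_single_bit_output_weight(table):
    """Smallest output-difference weight reachable from a single-bit input difference."""
    n = len(table)
    weights = [hamming_weight(o)
               for d in range(1, n) if hamming_weight(d) == 1
               for o in range(n) if table[d][o] > 0]
    return min(weights)


def max_abs_walsh(table, weight=None):
    """Largest |W[a][b]| over nonzero masks, optionally restricted to masks of one weight."""
    n = len(table)
    best = 0
    for a in range(1, n):
        for b in range(1, n):
            if weight is not None and (hamming_weight(a) != weight or hamming_weight(b) != weight):
                continue
            best = max(best, abs(table[a][b]))
    return best


def characteristic_log2_prob(table, transitions):
    """log2 of the probability of one differential characteristic, multiplying the
    per-S-box transition probabilities (the usual Markov/independence assumption).
    transitions: list of (din, dout) pairs, one per active S-box."""
    n = len(table)
    total = 0.0
    for din, dout in transitions:
        count = table[din][dout]
        if count == 0:
            return float("-inf")  # impossible transition: the trail has probability 0
        total += log2(count / n)
    return total


if __name__ == "__main__":
    D = ddt(PRESENT_SBOX)
    W = walsh_table(PRESENT_SBOX)
    print("max DDT entry (nonzero input diff):", max_diff_count(D))
    print("min output weight from a 1-bit input diff:", min_single_bit_output_weight(D))
    print("max |W| over all masks:", max_abs_walsh(W), "; single-bit masks:", max_abs_walsh(W, 1))
    # Two active S-boxes, each following the 1 -> 9 transition (4 of 16 inputs)
    print("log2 p of two 1->9 transitions:", characteristic_log2_prob(D, [(1, 9), (1, 9)]))
```

The two design criteria checked here are exactly what forces PRESENT's low-weight trails to activate several S-boxes per round; the per-S-box product in `characteristic_log2_prob` is the single-characteristic estimate that the hull- and distribution-based approaches referred to above refine.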
