On the Key Schedule Strength of PRESENT

We present the results of a playful piece of research on how to measure the strength of a key schedule algorithm, with applications to PRESENT, including its two variants with 80-bit and 128-bit keys. We do not claim to have discovered any devastating weakness, but we believe that some of the results presented, albeit controversial, could be of interest to other researchers investigating this cipher, notably those working on impossible differentials and on related-key or slide attacks. Furthermore, in the case of PRESENT, the key schedule features shown here may be exploited to attack some of the PRESENT-based hash functions. We carried out a probabilistic metaheuristic search for semi-equivalent keys, annihilators and entropy minima, and proposed a simple way of combining these results into a single value with a straightforward mathematical expression that could help in abstracting resistance to the set of analyses presented. Surprisingly, PRESENT-128 seems weaker than PRESENT-80 in the light of this new measure.
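As an added example (not the paper's own code), the PRESENT-80 and PRESENT-128 key schedules in Python together with one simple key-schedule measure of the kind the abstract alludes to: the Hamming weight of the round-key difference caused by flipping a single master-key bit, and a search for the bit whose flip diffuses least. The metric and the function names are my own and are not the paper's combined measure.

```python
# Added example, not the paper's code: PRESENT-80/128 key schedules plus a
# related-key diffusion measure over the round keys (the metric is a constructed one).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
ROUNDS = 32  # 31 rounds plus the final whitening key -> 32 round keys

def present80_round_keys(key: int) -> list[int]:
    """Round keys K1..K32 of PRESENT-80 (key is an 80-bit int, k79 is the MSB)."""
    assert 0 <= key < 1 << 80
    k, keys = key, []
    for i in range(1, ROUNDS + 1):
        keys.append(k >> 16)                            # K_i = k79..k16
        if i == ROUNDS:
            break
        k = ((k << 61) | (k >> 19)) & ((1 << 80) - 1)   # rotate left by 61
        k = (k & ~(0xF << 76)) | (SBOX[k >> 76] << 76)  # S-box on k79..k76
        k ^= i << 15                                    # counter i into k19..k15
    return keys

def present128_round_keys(key: int) -> list[int]:
    """Round keys K1..K32 of PRESENT-128 (key is a 128-bit int, k127 is the MSB)."""
    assert 0 <= key < 1 << 128
    k, keys = key, []
    for i in range(1, ROUNDS + 1):
        keys.append(k >> 64)                            # K_i = k127..k64
        if i == ROUNDS:
            break
        k = ((k << 61) | (k >> 67)) & ((1 << 128) - 1)  # rotate left by 61
        k = (k & ~(0xFF << 120)) | (SBOX[k >> 124] << 124) \
            | (SBOX[(k >> 120) & 0xF] << 120)           # two S-boxes on k127..k120
        k ^= i << 62                                    # counter i into k66..k62
    return keys

def related_key_diffusion(schedule, master: int, bit: int) -> list[int]:
    """Hamming weight of K_i(master) XOR K_i(master ^ 2^bit) for each round key i."""
    a, b = schedule(master), schedule(master ^ (1 << bit))
    return [bin(x ^ y).count("1") for x, y in zip(a, b)]

def least_diffusing_bit(schedule, master: int, keybits: int) -> tuple[int, list[int]]:
    """Master-key bit whose single flip yields the smallest total round-key difference."""
    profiles = {b: related_key_diffusion(schedule, master, b) for b in range(keybits)}
    bit = min(profiles, key=lambda b: sum(profiles[b]))
    return bit, profiles[bit]

if __name__ == "__main__":
    for name, sched, bits in (("PRESENT-80", present80_round_keys, 80),
                              ("PRESENT-128", present128_round_keys, 128)):
        bit, prof = least_diffusing_bit(sched, 0, bits)
        print(f"{name}: flipping key bit {bit} changes {prof} round-key bits per round")
```

For the all-zero PRESENT-80 key, flipping bit k0 leaves a single-bit round-key difference for the first 17 round keys, because the flipped bit only reaches the S-box nibble on the 17th update; a profile like this is what a search for weak related-key behaviour in a key schedule looks at.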