Multi-differential Cryptanalysis on Reduced DM-PRESENT-80: Collisions and Other Differential Properties

The current paper studies differential properties of the compression function of reduced-round DM-PRESENT-80, which was proposed at CHES 2008 as a lightweight hash function with 64-bit digests. Our main result is a collision attack on 12 rounds with a complexity of 229.18 12-round DM-PRESENT computations. Then, the attack is extended to an 18-round distinguisher and an 12-round second preimage attack. In our analysis, the differential characteristic is satisfied by the start-from-the-middle approach. Our success lies in the detailed analysis of the data transition, where the internal state and message values are carefully chosen so that a differential characteristic for 5 rounds can be satisfied with complexity 1 on average. In order to reduce the attack complexity, we consider as many techniques as possible; multi-inbound technique, early aborting technique, precomputation of look-up tables, multi-differential characteristics.

[1]  Kenji Ohkuma,et al.  Weak Keys of Reduced-Round PRESENT for Linear Cryptanalysis , 2009, Selected Areas in Cryptography.

[2]  Vincent Rijmen,et al.  Rebound Distinguishers: Results on the Full Whirlpool Compression Function , 2009, ASIACRYPT.

[3]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[4]  Mark Manulis,et al.  Cryptology and Network Security , 2012, Lecture Notes in Computer Science.

[5]  Benny Pinkas,et al.  Secure Two-Party Computation is Practical , 2009, IACR Cryptol. ePrint Arch..

[6]  Andrey Bogdanov,et al.  spongent: A Lightweight Hash Function , 2011, CHES.

[7]  Thomas Peyrin,et al.  Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES Block Cipher , 2009, Selected Areas in Cryptography.

[8]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[9]  Ingrid Verbauwhede,et al.  Cryptographic Hardware and Embedded Systems - CHES 2007, 9th International Workshop, Vienna, Austria, September 10-13, 2007, Proceedings , 2007, CHES.

[10]  Joo Yeon Cho,et al.  Linear Cryptanalysis of Reduced-Round PRESENT , 2010, CT-RSA.

[11]  Céline Blondeau,et al.  Multiple Differential Cryptanalysis: Theory and Practice , 2011, FSE.

[12]  Meiqin Wang,et al.  Linear (Hull) and Algebraic Cryptanalysis of the Block Cipher PRESENT , 2009, CANS.

[13]  Serge Vaudenay Progress in Cryptology - AFRICACRYPT 2008, First International Conference on Cryptology in Africa, Casablanca, Morocco, June 11-14, 2008. Proceedings , 2008, AFRICACRYPT.

[14]  Meiqin Wang,et al.  Differential Cryptanalysis of Reduced-Round ICEBERG , 2008, AFRICACRYPT.

[15]  Xiaoyun Wang,et al.  The Second-Preimage Attack on MD4 , 2005, CANS.

[16]  Andrey Bogdanov,et al.  Hash Functions and RFID Tags: Mind the Gap , 2008, CHES.

[17]  Vincent Rijmen,et al.  The Impact of Carries on the Complexity of Collision Attacks on SHA-1 , 2006, FSE.

[18]  Nigel P. Smart,et al.  Advances in Cryptology - EUROCRYPT 2008, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008. Proceedings , 2008, EUROCRYPT.

[19]  Thomas Peyrin,et al.  Super-Sbox Cryptanalysis: Improved Attacks for AES-Like Permutations , 2010, FSE.

[20]  Christian Rechberger,et al.  Second-Preimage Analysis of Reduced SHA-1 , 2010, ACISP.

[21]  Kaisa Nyberg,et al.  Linear Cryptanalysis Using Multiple Linear Approximations , 2011, IACR Cryptol. ePrint Arch..

[22]  Cihangir Tezcan,et al.  Lightweight Block Ciphers Revisited: Cryptanalysis of Reduced Round PRESENT and HIGHT , 2009, ACISP.

[23]  Tsuyoshi Takagi,et al.  Cryptographic Hardware and Embedded Systems - CHES 2011 - 13th International Workshop, Nara, Japan, September 28 - October 1, 2011. Proceedings , 2011, CHES.

[24]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[25]  Christophe De Cannière,et al.  Finding SHA-1 Characteristics: General Results and Applications , 2006, ASIACRYPT.

[26]  Kefei Chen,et al.  Advances in Cryptology - ASIACRYPT 2006, 12th International Conference on the Theory and Application of Cryptology and Information Security, Shanghai, China, December 3-7, 2006, Proceedings , 2006, ASIACRYPT.

[27]  Meiqin Wang,et al.  Effect of the Dependent Paths in Linear Hull , 2010, IACR Cryptol. ePrint Arch..

[28]  Information Security and Privacy , 1996, Lecture Notes in Computer Science.

[29]  Florian Mendel,et al.  The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl , 2009, FSE.

[30]  Guido Bertoni,et al.  On the Indifferentiability of the Sponge Construction , 2008, EUROCRYPT.

[31]  Manoj Kumar,et al.  Flaws in Differential Cryptanalysis of Reduced Round PRESENT , 2010, IACR Cryptol. ePrint Arch..

[32]  Elisabeth Oswald,et al.  Cryptographic Hardware and Embedded Systems - CHES 2008, 10th International Workshop, Washington, D.C., USA, August 10-13, 2008. Proceedings , 2008, CHES.

[33]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[34]  Josef Pieprzyk Topics in Cryptology - CT-RSA 2010, The Cryptographers' Track at the RSA Conference 2010, San Francisco, CA, USA, March 1-5, 2010. Proceedings , 2010, CT-RSA.

[35]  Yu Sasaki,et al.  Rebound Attack on the Full Lane Compression Function , 2009, ASIACRYPT.