Cryptanalysis of Reduced sLiSCP Permutation in Sponge-Hash and Duplex-AE Modes

This paper studies the security of sLiSCP, a family of lightweight permutations proposed by AlTawy et al. at SAC 2017. sLiSCP also specifies an authenticated encryption (AE) mode and a hashing mode based on the sponge framework; however, the designers’ analysis focuses on the indistinguishability of the permutation, and there is no analysis of those modes. This paper presents the first analysis of reduced-step sLiSCP in the AE and hashing modes, fully respecting the parameters and usage recommended by the designers. Forgery and collision attacks are presented against 6 (out of 18) steps of the AE and hashing modes. Moreover, rebound distinguishers are presented against 15 steps of the permutation. We believe that these results, especially those on the AE and hashing modes, provide a better understanding of sLiSCP and bring more confidence in the lightweight version sLiSCP-light.
