Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions with Applications to PRINCE and PRIDE

The FX-construction was proposed in 1996 by Kilian and Rogaway as a generalization of the DESX scheme. The construction increases the security of an \(n\)-bit core block cipher with a \(\kappa \)-bit key by using two additional \(n\)-bit masking keys. Recently, several concrete instances of the FX-construction were proposed, including PRINCE (proposed at ASIACRYPT 2012) and PRIDE (proposed at CRYPTO 2014). These ciphers have \(n=\kappa =64\), and are proven to guarantee about \(127-d\) bits of security, assuming that their core ciphers are ideal, and the adversary can obtain at most \(2^d\) data.

[1] Eli Biham et al. Rigorous Bounds on Cryptanalytic Time/Memory Tradeoffs, 2006, CRYPTO.

[2] Joos Vandewalle et al. On the time-memory tradeoff between exhaustive key search and table precomputation, 1998.

[3] Yishay Mansour et al. A Construction of a Cipher From a Single Pseudorandom Permutation, 1991, ASIACRYPT.

[4] Alex Biryukov et al. Advanced Slide Attacks, 2000, EUROCRYPT.

[5] Christof Paar et al. Block Ciphers - Focus on the Linear Layer (feat. PRIDE), 2014, CRYPTO.

[6] Hideki Imai et al. Advances in Cryptology - ASIACRYPT '91, 1991, Lecture Notes in Computer Science.

[7] Paul C. van Oorschot et al. Parallel Collision Search with Cryptanalytic Applications, 1999, Journal of Cryptology.

[8] Adi Shamir et al. Minimalism in Cryptography: The Even-Mansour Scheme Revisited, 2012, EUROCRYPT.

[9] Joan Daemen et al. Limitations of the Even-Mansour Construction, 1991, ASIACRYPT.

[10] Ingrid Verbauwhede et al. Time-Memory Trade-Off Attack on FPGA Platforms: UNIX Password Cracking, 2006, ARC.

[11] Martin E. Hellman et al. A cryptanalytic time-memory trade-off, 1980, IEEE Trans. Inf. Theory.

[12] Anne Canteaut et al. PRINCE - A Low-Latency Block Cipher for Pervasive Computing Applications - Extended Abstract, 2012, ASIACRYPT.

[13] Anne Canteaut et al. Multiple Differential Cryptanalysis of Round-Reduced PRINCE (Full version), 2014, IACR Cryptol. ePrint Arch.

[14] Antoine Joux et al. Multi-user Collisions: Applications to Discrete Logarithm, Even-Mansour and PRINCE, 2014, ASIACRYPT.

[15] Alex Biryukov et al. Cryptanalytic Time/Memory/Data Tradeoffs for Stream Ciphers, 2000, ASIACRYPT.

[16] Tim Güneysu et al. Cryptanalysis with COPACOBANA, 2008, IEEE Transactions on Computers.

[17] Jean-Didier Legat et al. A Time-Memory Tradeoff Using Distinguished Points: New Analysis & FPGA Results, 2002, CHES.

[18] Alex Biryukov et al. Real Time Cryptanalysis of A5/1 on a PC, 2000, FSE.

[19] Joe Kilian et al. How to Protect DES Against Exhaustive Key Search, 1996, CRYPTO.