Differential Sieving for 2-Step Matching Meet-in-the-Middle Attack with Application to LBlock

In this paper, we propose a modified approach to the basic meet-in-the-middle (MITM) attack which we call differential sieving for 2-step matching. This technique extends the reach of the basic MITM attack by providing a means to push the matching point one extra round further through differential matching, and hence increases the total number of attacked rounds. Our approach first reduces the candidate matching space through differential matching; the remaining candidates are then further filtered by examining the non-shared key bits for partial-state matching. This 2-step matching lowers the overall matching probability, and accordingly minimizes the number of remaining candidate keys that must be retested. We apply our technique to the lightweight block cipher LBlock and present a two-known-plaintext attack on the cipher reduced to fifteen rounds. Moreover, by combining our technique with short restricted bicliques, we present a chosen-plaintext attack on LBlock reduced to eighteen rounds.
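The two-step sieve described in the abstract, as an added toy example that is not the paper's code and does not model LBlock: a constructed 5-round Feistel cipher with 4-bit halves and five independent 4-bit round keys (PRESENT's S-box is borrowed only as a convenient nonlinear map; the key split, the secret key and the two known plaintexts are all assumptions made here). The forward half guesses (k0, k1), the backward half guesses (k3, k4), and the middle round key k2 belongs to neither, so the two halves cannot be matched on the full state directly. Step 1 matches the key-independent half of the middle state and then applies a differential sieve: because k2 is XORed into the S-box input, the input difference between the two plaintexts is known without k2, and the DDT rejects any candidate whose required output difference is impossible for that input difference. Step 2 enumerates the non-shared nibble k2 only for the survivors and checks the remaining half of the state.

```python
"""Toy two-step (differential, then partial-state) MITM sieve on a constructed
5-round, 8-bit Feistel cipher. Illustration only: not LBlock, not the paper's code."""
from collections import defaultdict

# PRESENT's 4-bit S-box, used here only as a convenient nonlinear component.
S = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

# Difference distribution table: DDT[din][dout] = #{a : S[a] ^ S[a ^ din] == dout}
DDT = [[0] * 16 for _ in range(16)]
for a in range(16):
    for din in range(16):
        DDT[din][S[a] ^ S[a ^ din]] += 1


def round_enc(l, r, k):
    """One Feistel round on 4-bit halves: (L, R) -> (R, L ^ S[R ^ k])."""
    return r, l ^ S[r ^ k]


def round_dec(l, r, k):
    """Inverse of round_enc."""
    return r ^ S[l ^ k], l


def encrypt(key, pt):
    """key: five 4-bit round keys (k0..k4); pt: 8-bit block L || R."""
    l, r = pt >> 4, pt & 0xF
    for k in key:
        l, r = round_enc(l, r, k)
    return (l << 4) | r


def forward(pt, k0, k1):
    """Attacker's forward computation: state (L2, R2) after rounds k0, k1."""
    l, r = pt >> 4, pt & 0xF
    l, r = round_enc(l, r, k0)
    return round_enc(l, r, k1)


def backward(ct, k3, k4):
    """Attacker's backward computation: state (L3, R3) before rounds k3, k4."""
    l, r = ct >> 4, ct & 0xF
    l, r = round_dec(l, r, k4)
    return round_dec(l, r, k3)


def attack(pairs):
    """pairs: two (pt, ct) pairs under the same unknown key.
    Returns (candidate_keys, n_direct_matches, n_after_differential_sieve)."""
    (p, c), (pp, cp) = pairs
    # Forward table over the forward-only key bits (k0, k1), indexed by the
    # key-independent half of the middle round: L3 must equal R2 for both texts.
    table = defaultdict(list)
    for k0 in range(16):
        for k1 in range(16):
            l2, r2 = forward(p, k0, k1)
            l2p, r2p = forward(pp, k0, k1)
            table[(r2, r2p)].append((k0, k1, l2, l2p))
    n_direct = 0
    survivors = []
    for k3 in range(16):
        for k4 in range(16):
            l3, r3 = backward(c, k3, k4)
            l3p, r3p = backward(cp, k3, k4)
            for k0, k1, l2, l2p in table[(l3, l3p)]:
                n_direct += 1
                # Step 1, differential sieve. The middle round needs
                # S[R2 ^ k2] == L2 ^ R3; k2 is unknown, but the S-box input
                # difference (l3 ^ l3p) and the required output difference are
                # both fixed by the matched states, so the DDT decides whether
                # any k2 at all could work.
                x, xp = l3, l3p              # S-box inputs before k2 is added
                y, yp = l2 ^ r3, l2p ^ r3p   # S-box outputs the states demand
                if DDT[x ^ xp][y ^ yp] == 0:
                    continue
                survivors.append((k0, k1, k3, k4, x, xp, y, yp))
    # Step 2, partial-state matching on the non-shared key nibble k2,
    # performed only for candidates that passed the differential sieve.
    keys = []
    for k0, k1, k3, k4, x, xp, y, yp in survivors:
        for k2 in range(16):
            if S[x ^ k2] == y and S[xp ^ k2] == yp:
                keys.append((k0, k1, k2, k3, k4))
    return keys, n_direct, len(survivors)


TRUE_KEY = (0x3, 0xA, 0x7, 0xC, 0x5)   # constructed secret key (assumption)
PLAINTEXTS = (0x2F, 0xB1)              # two constructed known plaintexts (assumption)


def demo():
    """Run the attack on the two known-plaintext pairs; attacker never sees TRUE_KEY."""
    pairs = [(pt, encrypt(TRUE_KEY, pt)) for pt in PLAINTEXTS]
    return attack(pairs)


if __name__ == "__main__":
    keys, n_direct, n_sieved = demo()
    print(f"direct matches: {n_direct}, after differential sieve: {n_sieved}, "
          f"full-key candidates: {len(keys)}")
    print("true key recovered:", TRUE_KEY in keys)
```

Running the block prints how many (k0, k1, k3, k4) guesses pass the direct half-state match, how many of those survive the differential sieve, and how many full 20-bit keys remain after the k2 enumeration. The sieve is sound by construction (a nonzero DDT entry is a necessary condition for step 2 to succeed), so the true key always survives; with only two plaintexts, the wrong keys left are exactly those that agree with the true key on both pairs, and a real attack would retest them on further data.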
