Reflections on slide with a twist attacks

Slide attacks use pairs of encryption operations which are slid against each other. Slide with a twist attacks are more sophisticated variants of slide attacks which slide an encryption operation against a decryption operation. Designed by Biryukov and Wagner in 2000, these attacks were used against several cryptosystems, including DESX, the Even–Mansour construction, and Feistel structures with four-round self-similarity. They were further extended in 2012 to the mirror slidex framework, which was used to attack the 20-round GOST block cipher and several additional variants of the Even–Mansour construction. In this paper, we revisit all the previously published applications of these techniques and show that in almost all cases, the same or better results can be achieved by a simpler attack which is based on the seemingly unrelated idea of exploiting internal fixed points. The observation that such fixed points can be useful in cryptanalysis of block ciphers has been known for decades and is the basis of the reflection attack presented by Kara in 2007. However, all the examples to which reflection attacks were applied were based on particular constructions such as Feistel structures or GOST key schedules in which it was easy to explicitly list and count the fixed points. In this paper, we generalize Kara’s reflection attack by using the combinatorial result that random involutions on $$2^n$$ values are expected to have a surprisingly large number of $$O(2^{n/2})$$ fixed points (whereas random permutations are expected to have only $$O(1)$$ fixed points). This makes it possible to reduce the complexity of the best known attack on additional cryptographic schemes in which it is difficult to explicitly characterize and count the internal fixed points.
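The fixed-point gap between random involutions and random permutations that the abstract relies on can be checked numerically. The following Python sketch is an added example, not code from the paper: it samples uniformly random involutions via the counting recurrence I(m) = I(m-1) + (m-1)·I(m-2) and compares their fixed-point counts with those of random permutations. The function names, the toy size n = 12, the trial count and the seed are all assumptions chosen for illustration.

```python
import math
import random

def involution_ratios(size):
    """r[m] = I(m)/I(m-1), where I(m) counts involutions on m points.
    From I(m) = I(m-1) + (m-1)*I(m-2) it follows r[m] = 1 + (m-1)/r[m-1]."""
    r = [0.0, 1.0]
    for m in range(2, size + 1):
        r.append(1.0 + (m - 1) / r[m - 1])
    return r

def random_involution(size, ratios, rng):
    """Sample a uniformly random involution on range(size)."""
    perm = list(range(size))
    rem = list(range(size))          # points not yet assigned
    while rem:
        m = len(rem)
        x = rem.pop()
        # x is a fixed point with probability I(m-1)/I(m) = 1/r[m]
        if rng.random() < 1.0 / ratios[m]:
            continue
        j = rng.randrange(m - 1)     # partner, uniform among the rest
        y = rem[j]
        rem[j] = rem[-1]
        rem.pop()
        perm[x], perm[y] = y, x      # 2-cycle (x y)
    return perm

def fixed_points(perm):
    return sum(1 for i, p in enumerate(perm) if i == p)

def expected_involution_fixed_points(n_bits):
    """Exact expectation N * I(N-1)/I(N) for N = 2^n_bits."""
    size = 1 << n_bits
    return size / involution_ratios(size)[size]

def compare(n_bits=12, trials=200, seed=1):
    """Average fixed-point counts: (random involutions, random permutations)."""
    rng = random.Random(seed)
    size = 1 << n_bits
    ratios = involution_ratios(size)
    inv_total = perm_total = 0
    for _ in range(trials):
        inv_total += fixed_points(random_involution(size, ratios, rng))
        p = list(range(size))
        rng.shuffle(p)
        perm_total += fixed_points(p)
    return inv_total / trials, perm_total / trials

if __name__ == "__main__":
    inv_avg, perm_avg = compare()
    print(f"involutions:  {inv_avg:.1f} (2^(n/2) = {math.sqrt(1 << 12):.0f})")
    print(f"permutations: {perm_avg:.2f}")
```

For a designer, the practical reading is that an involutive internal component hits a fixed point on a random input with probability about $$2^{-n/2}$$ rather than $$2^{-n}$$, which is the margin the generalized reflection attack draws on.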
