Cube attacks on round-reduced TinyJAMBU

Wil Liam Teng, Iftekhar Salam, Wei-Chuen Yau: School of Electrical and Computer Engineering, Xiamen University Malaysia, Sepang 43900, Malaysia. E-mail: cst1709690@xmu.edu.my, iftekhar.salam@xmu.edu.my, wcyau@xmu.edu.my
Josef Pieprzyk: Data61, Commonwealth Scientific and Industrial Research Organisation, Marsfield, NSW 2122, Australia; Institute of Computer Science, Polish Academy of Sciences, 01-248 Warsaw, Poland. E-mail: josef.pieprzyk@data61.csiro.au
Raphaël C.-W. Phan: School of IT, Monash University, Subang Jaya 47500, Malaysia; Department of Software Systems & Cybersecurity, Faculty of IT, Monash University, Melbourne, VIC 3800, Australia. E-mail: raphael.phan@monash.edu

Lightweight cryptography has recently gained importance as the number of Internet of Things (IoT) devices connected to the Internet grows. Its main goal is to provide cryptographic algorithms that run efficiently in resource-limited environments such as IoT devices. To meet this challenge, the National Institute of Standards and Technology (NIST) announced the Lightweight Cryptography (LWC) standardisation project; the TinyJAMBU cipher is one of its finalists. This work evaluates the security of TinyJAMBU using the cube attack as the analysis tool. We present five distinguishing attacks, DA1 – DA5, and two key recovery attacks, KRA1 – KRA2. The first two distinguishing attacks (DA1 and DA2) are launched against the initialisation phase of the cipher. The best result among them is a distinguisher with an 18-bit cube for a cipher variant consisting of the full initialisation phase together with 438 rounds of the encryption phase. The key recovery attacks (KRA1 and KRA2) are also launched against the initialisation phase of the cipher. The best key recovery attack applies to a cipher variant consisting of the full initialisation phase together with 428 rounds of the encryption phase. The attacks DA3 – DA5 present a collection of distinguishers for up to 437 encryption rounds, whose 32-bit cubes are chosen from the plaintext, nonce, or associated data bits. All results are confirmed experimentally. A conclusion from the work is that TinyJAMBU has a better security margin against cube attacks than claimed by the designers.
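The abstract names the two outcomes a cube attack can produce, a distinguisher (constant superpoly) and a key recovery equation (superpoly linear in key bits), without showing the mechanics. The block below is an added example, not code from the paper or from the TinyJAMBU designers. It reuses only the published NLFSR feedback of TinyJAMBU's keyed permutation P_n (s0 ^ s47 ^ ~(s70 & s85) ^ s91 ^ k[i mod klen]); everything else is an assumption made for illustration: a toy oracle that loads a 96-bit key straight into state bits 0..95 and a 32-bit nonce into bits 96..127, clocks the permutation for 80 rounds and returns one state bit. Real TinyJAMBU runs key setup and nonce setup first, so the cubes this toy yields say nothing about the real cipher or about the paper's DA/KRA results; they show the offline phase (cube summation, BLR linearity test, coefficient extraction) and the online phase (summing black-box queries to obtain a key equation) in a setting small enough to check by hand.

```python
"""Cube-attack mechanics on a toy TinyJAMBU-style oracle (added example).

tinyjambu_p() is the NLFSR feedback of TinyJAMBU's keyed permutation P_n as
published by its designers.  The loading in toy_oracle() is an ASSUMPTION for
illustration only (real TinyJAMBU runs key/nonce setup first).
"""
import random

KEY_BITS, NONCE_BITS, STATE_BITS = 96, 32, 128


def tinyjambu_p(state, key, rounds):
    """Clock TinyJAMBU's 128-bit NLFSR `rounds` times (lists of bits, index = position)."""
    s = list(state)
    for i in range(rounds):
        fb = s[0] ^ s[47] ^ (1 ^ (s[70] & s[85])) ^ s[91] ^ key[i % len(key)]
        s = s[1:] + [fb]  # s_j <- s_{j+1} for j < 127, s_127 <- feedback
    return s


def toy_oracle(key, nonce, rounds, out_bit):
    """Toy keyed oracle: key in bits 0..95, nonce in 96..127 (assumed loading)."""
    state = list(key) + list(nonce)
    assert len(state) == STATE_BITS
    return tinyjambu_p(state, key, rounds)[out_bit]


def cube_sum(f, cube):
    """XOR of f(nonce) over all 2^|cube| settings of the cube bits, other nonce
    bits fixed to 0.  By the cube identity this equals the superpoly at f's key."""
    acc = 0
    for m in range(1 << len(cube)):
        nonce = [0] * NONCE_BITS
        for pos, idx in enumerate(cube):
            nonce[idx] = (m >> pos) & 1
        acc ^= f(nonce)
    return acc


def superpoly(key, cube, rounds, out_bit):
    """Offline phase: the attacker chooses the key and evaluates the superpoly."""
    return cube_sum(lambda n: toy_oracle(key, n, rounds, out_bit), cube)


def is_linear(cube, rounds, out_bit, trials=32, rng=None):
    """BLR linearity test: p(0) ^ p(a) ^ p(b) ^ p(a ^ b) == 0 for random a, b."""
    rng = rng or random.Random(1)
    p = lambda k: superpoly(k, cube, rounds, out_bit)
    p0 = p([0] * KEY_BITS)
    for _ in range(trials):
        a = [rng.getrandbits(1) for _ in range(KEY_BITS)]
        b = [rng.getrandbits(1) for _ in range(KEY_BITS)]
        if p0 ^ p(a) ^ p(b) ^ p([x ^ y for x, y in zip(a, b)]):
            return False
    return True


def recover_superpoly(cube, rounds, out_bit):
    """Offline: for an affine superpoly return (c, idx) with p(k) = c ^ XOR_{i in idx} k_i.
    idx == [] means p is constant: a cube tester / distinguisher, not a key equation."""
    zero = [0] * KEY_BITS
    c = superpoly(zero, cube, rounds, out_bit)
    idx = []
    for i in range(KEY_BITS):
        unit = zero[:]
        unit[i] = 1
        if superpoly(unit, cube, rounds, out_bit) ^ c:
            idx.append(i)
    return c, idx


def online_value(oracle, cube, c):
    """Online: sum black-box queries (secret key inside) over the cube and strip
    the constant, learning XOR_{i in idx} k_i for the secret key."""
    return cube_sum(oracle, cube) ^ c


def attack_toy(secret, rounds=80):
    """With the toy loading, output bit 64+t after 80 rounds is feedback bit 16+t,
    which contains the monomial k_{86+t} * n_{5+t}; so cube {5+t} has superpoly
    k_{86+t} and cube {11+t} has the constant superpoly 1.  Returns {key_index: bit}."""
    recovered = {}
    for t in range(10):
        cube, out_bit = [5 + t], 64 + t
        if not is_linear(cube, rounds, out_bit):
            continue
        c, idx = recover_superpoly(cube, rounds, out_bit)
        if len(idx) != 1:
            continue  # constant (distinguisher) or multi-bit equation: skip in this toy
        oracle = lambda n, ob=out_bit: toy_oracle(secret, n, rounds, ob)
        recovered[idx[0]] = online_value(oracle, cube, c)
    return recovered


def sample_secret(seed=7):
    """Constructed secret key for the demo (not a real key)."""
    return [random.Random(seed).getrandbits(1) for _ in range(KEY_BITS)]


if __name__ == "__main__":
    secret = sample_secret()
    got = attack_toy(secret)
    print("recovered key bits:", got)
    print("all correct:", all(secret[i] == b for i, b in got.items()))
```

Ten single-bit cubes recover key bits 86..95 of the toy after 80 rounds, which is exactly why a real design must run enough initialisation rounds that the output's algebraic degree in the nonce bits grows beyond any cube an attacker can afford to sum over; the paper's 18-bit and 32-bit cubes against hundreds of rounds are the same procedure pushed to that limit.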