Improved security evaluation of SPN block ciphers and its applications in the single-key attack on SKINNY

In this paper, a new method for evaluating the integral property, truncated and impossible differentials for substitution-permutation network (SPN) block ciphers is proposed. The main assumption is an explicit description/expression of the internal state words in terms of the plaintext (ciphertext)...

Bibliographic Details
Main Authors: Zhang, Wenying, Cao, Meichun, Guo, Jian, Pasalic, Enes
Other Authors: School of Physical and Mathematical Sciences
Format: Article
Language: English
Published: 2020
Subjects:
Online Access: https://hdl.handle.net/10356/145135
Institution: Nanyang Technological University
id sg-ntu-dr.10356-145135
record_format dspace
Record timestamp: 2023-02-28T19:37:10Z
Subjects: Library and information science::Cryptography; SKINNY Competition; Integral Cryptanalysis

Abstract: In this paper, a new method for evaluating the integral property, truncated and impossible differentials for substitution-permutation network (SPN) block ciphers is proposed. The main assumption is an explicit description/expression of the internal state words in terms of the plaintext (ciphertext) words. By counting the number of times these words occur in the internal state expression, we can evaluate the resistance of a given block cipher to integral and impossible/truncated differential attacks more accurately than previous methods. More precisely, we explore the cryptographic consequences of uneven frequency of occurrences of plaintext (ciphertext) words appearing in the algebraic expression of the internal state words. This approach gives a new family of distinguishers employing different concepts such as the integral property, impossible/truncated differentials and the so-called zero-sum property. We then provide algorithms to determine the maximum number of rounds of such new types of distinguishers for SPN block ciphers. The potential and efficiency of this relatively simple method is confirmed through applications. For instance, in the case of SKINNY block cipher, several 10-round integral distinguishers, all of the 11-round impossible differentials, and a 7-round truncated differential could be determined. For the last case, using a single pair of plaintexts differing in three words so that (a = b = c) ≠ (a’ = b’ = c’), we are able to distinguish 7-round SKINNY from random permutations. More importantly, exploiting our distinguishers, we give the first practical attack on 11-round SKINNY-128-128 in the single-key setting (a theoretical attack reaches 16 rounds). Finally, using the same ideas, we provide a concise explanation on the existing distinguishers for round-reduced AES.

Funding agencies: Ministry of Education (MOE); Nanyang Technological University; National Research Foundation (NRF)
Version: Published version
Acknowledgements: The authors would like to thank the anonymous reviewers for their helpful comments and suggestions. The first author is supported by the National Natural Science Foundation of China (Grants No. 61672330 and 61602287) and the State Scholarship Fund no. 201808370069 from China Scholarship Council. The third author is supported by the National Research Foundation, Prime Minister’s Office, Singapore, under its Strategic Capability Research Centres Funding Initiative, Nanyang Technological University under grant M4082123, and Singapore’s Ministry of Education under grants M4012049, M4012153, and M4020466.
Dates: 2020-12-14T01:52:42Z; 2020
Type: Journal Article
Citation: Zhang, W., Cao, M., Guo, J., & Pasalic, E. (2020). Improved security evaluation of SPN block ciphers and its applications in the single-key attack on SKINNY. IACR Transactions on Symmetric Cryptology, 2019(4), 171-191. doi:10.13154/tosc.v2019.i4.171-191
ISSN: 2519-173X
Handle: https://hdl.handle.net/10356/145135
DOI: 10.13154/tosc.v2019.i4.171-191
Journal: IACR Transactions on Symmetric Cryptology
Rights: © 2020 Wenying Zhang, Meichun Cao, Jian Guo, Enes Pasalic. This work is licensed under a Creative Commons Attribution 4.0 International License.
File format: application/pdf
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
content_provider NTU Library
collection DR-NTU