Integral and impossible-differential attacks on the reduced-round Lesamnta-LW-BC

Lesamnta-LW-BC is the internal block cipher of the Lesamnta-LW lightweight hash function, specified in ISO/IEC 29192-5:2016. It is based on the unbalanced Feistel network and Advanced Encryption Standard round function. In this study, the security of Lesamnta-LW-BC against integral and impossible-differential attacks is evaluated. Specifically, the authors searched for the integral distinguishers and impossible differentials with Mixed-Integer Linear Programming-based methods. As a result, the discovered impossible differential can reach up to 21 rounds, while three integral distinguishers reaching 18, 19 and 25 rounds are obtained, respectively. Moreover, it is also feasible to construct a 47-round integral distinguisher in the known-key setting. Finally, a 20-round key-recovery attack is proposed based on the discovered 18-round integral distinguisher and a 19-round key-recovery attack using a 17-round impossible differential. To the best of the authors' knowledge, this is the first third-party cryptanalysis of Lesamnta-LW-BC.