Multidimensional linear cryptanalysis with key difference invariant bias for block ciphers

被引：2

作者：

Cao, Wenqin ^{[1
,2
,3
]}

Zhang, Wentao ^{[1
,2
]}

机构：

[1] Chinese Acad Sci, Inst Informat Engn, State Key Lab Informat Secur, 89 Minzhuang Rd, Beijing 100093, Peoples R China

[2] Univ Chinese Acad Sci, Sch Cyber Secur, 19 Yuquan Rd, Beijing 100049, Peoples R China

[3] Shandong Univ Technol, Sch Math & Stat, 266Xincunxi Rd, Zibo 255000, Shandong, Peoples R China

来源：

CYBERSECURITY | 2021年 / 4卷 / 01期

基金：

中国国家自然科学基金;

关键词：

Key-alternating cipher; Key difference invariant bias; Multidimensional linear cryptanalysis; LBlock; TWINE; ATTACK;

D O I：

10.1186/s42400-021-00096-4

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

For block ciphers, Bogdanov et al. found that there are some linear approximations satisfying that their biases are deterministically invariant under key difference. This property is called key difference invariant bias. Based on this property, Bogdanov et al. proposed a related-key statistical distinguisher and turned it into key-recovery attacks on LBlock and TWINE-128. In this paper, we propose a new related-key model by combining multidimensional linear cryptanalysis with key difference invariant bias. The main theoretical advantage is that our new model does not depend on statistical independence of linear approximations. We demonstrate our cryptanalysis technique by performing key recovery attacks on LBlock and TWINE-128. By using the relations of the involved round keys to reduce the number of guessed subkey bits. Moreover, the partial-compression technique is used to reduce the time complexity. We can recover the master key of LBlock up to 25 rounds with about 2(60.4) distinct known plaintexts, 2(78.85) time complexity and 2(61) bytes of memory requirements. Our attack can recover the master key of TWINE-128 up to 28 rounds with about 2(61.5) distinct known plaintexts, 2(126.15) time complexity and 2(61) bytes of memory requirements. The results are the currently best ones on cryptanalysis of LBlock and TWINE-128.

引用

页数：18

共 21 条

[1] Joint data and key distribution of simple, multiple, and multidimensional linear cryptanalysis test statistic and its impact to data complexity [J].

Blondeau, Celine ;

Nyberg, Kaisa .

DESIGNS CODES AND CRYPTOGRAPHY, 2017, 82 (1-2) :319-349

[2]

Bogdanov A, 2013, LECT NOTES COMPUT SC, V8269, P357, DOI 10.1007/978-3-642-42033-7_19

[3]

Boztas Ozkan, 2013, Lightweight Cryptography for Security and Privacy. Second International Workshop, LightSec 2013. Revised Selected Papers: LNCS 8162, P55, DOI 10.1007/978-3-642-40392-7_5

[4]

Cho JY, 2009, LECT NOTES COMPUT SC, V5461, P383

[5] Probability distributions of correlation and differentials in block ciphers [J].

Daemen, Joan ;

Rijmen, Vincent .

JOURNAL OF MATHEMATICAL CRYPTOLOGY, 2007, 1 (03) :221-242

[6]

Daemen Joan., 2002, DESIGN RIJNDAEL AES

[7]

Hermelin M, 2008, LECT NOTES COMPUT SC, V5107, P203, DOI 10.1007/978-3-540-70500-0_15

[8]

Hermelin M, 2009, LECT NOTES COMPUT SC, V5665, P209, DOI 10.1007/978-3-642-03317-9_13

[9]

Kaliski B. S. Jr., 1994, Advances in Cryptology - CRYPTO '94. 14th Annual International Cryptology Conference. Proceedings, P26

[10]

Matsui M., 1993, LECT NOTES COMPUTER, V765, P386, DOI [DOI 10.1007/3-540-48285-7_, 10.1007/3-540-48285-733]

← 1 2 3 →