Integral cryptanalysis on two block ciphers Pyjamask and uBlock

Integral cryptanalysis is a powerful technique for the security evaluation of block ciphers. However, when the MILP-aided division property is used to search for integral distinguishers, many candidate initial division properties must be tested, so the computation is impractical. This study exploits the division property propagation of the S-box to improve the optimal integral distinguisher search algorithm and further reduce its time complexity. The improved algorithm is then used to obtain 8- and 9-round integral distinguishers of uBlock-128 and uBlock-256, and 10- and 9-round integral distinguishers of Pyjamask-96 and Pyjamask-128. On this basis, using the partial sums technique, the authors mount 9- and 11-round key-recovery attacks on uBlock-128 and Pyjamask-96, respectively. The data complexities are and , and the time complexities are less than times of 9-round uBlock-128 encryption and times of 11-round Pyjamask-96 encryption. These are currently the best integral attacks available on the two ciphers.
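The S-box division property propagation that the abstract builds on is the table of (k, k') trails that an MILP model must reproduce. The following is an added example, not code from the paper; it computes that table from an S-box's algebraic normal form and uses the public 4-bit PRESENT S-box only because the page does not reproduce the Pyjamask or uBlock S-box tables.

```python
# Added example, not code from the paper: bit-based division property propagation
# through an S-box, the trail table that MILP-aided distinguisher search encodes.
# Sample S-box: the public 4-bit PRESENT S-box, used only because the page does not
# reproduce the Pyjamask or uBlock S-box tables. Bit i of an integer is variable x_i.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
N = 4

def anf(truth):
    """Moebius transform: truth table (indexed by x) -> set of monomials as bit masks."""
    c = list(truth)
    for i in range(N):
        for x in range(1 << N):
            if x & (1 << i):
                c[x] ^= c[x ^ (1 << i)]
    return {u for u, bit in enumerate(c) if bit}

def poly_mul(p, q):
    """Multiply two ANFs over F2; x_i^2 = x_i, so monomials multiply by OR of masks."""
    r = set()
    for a in p:
        for b in q:
            r ^= {a | b}  # coefficients are mod 2: symmetric difference
    return r

def division_trails(sbox):
    """Return {k: sorted list of minimal k'} for every input division property k.
    k' is reachable from k iff some monomial x^u with u >= k (bitwise) occurs in the
    ANF of the product of the output bits y_j selected by k'."""
    outs = [anf([(sbox[x] >> j) & 1 for x in range(1 << N)]) for j in range(N)]
    prod_anf = {}
    for kp in range(1 << N):
        p = {0}  # the empty product is the constant 1
        for j in range(N):
            if kp & (1 << j):
                p = poly_mul(p, outs[j])
        prod_anf[kp] = p
    table = {}
    for k in range(1 << N):
        cand = [kp for kp in range(1 << N) if any(u & k == k for u in prod_anf[kp])]
        # drop redundant vectors: a k' that dominates another candidate adds no trail
        table[k] = sorted(kp for kp in cand
                          if not any(o != kp and o & kp == o for o in cand))
    return table

def trail_count(sbox):
    """Number of (k, k') pairs, i.e. rows the MILP inequalities must reproduce."""
    return sum(len(v) for v in division_trails(sbox).values())

if __name__ == "__main__":
    for k, kps in division_trails(SBOX).items():
        print(f"{k:04b} -> {[f'{kp:04b}' for kp in kps]}")
```

For a bijective S-box the all-ones input property can only propagate to the all-ones output property, which is why the last S-box layer never yields a balanced bit; the table shows this directly.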

Inspec keywords: cryptography; computational complexity; linear programming; integer programming; search problems

Other keywords: key-recovery attacks; Pyjamask-96; block cipher; partial sums technique; uBlock-128; S-box; integral distinguishers; uBlock-256; Pyjamask-128; MILP-aided division property; integral cryptanalysis

Subjects: Optimisation techniques; Data security; Cryptography theory; Cryptography; Computational complexity

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2019.0624