Automatic Security Evaluation of Block Ciphers with S-bP Structures Against Related-Key Differential Attacks

  • Conference paper
Information Security and Cryptology (Inscrypt 2013)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8567))

Abstract

Counting the number of active S-boxes is a common way to evaluate the security of symmetric-key cryptographic schemes against differential attack. Based on Mixed Integer Linear Programming (MILP), Mouha et al. proposed a method to accomplish this task automatically for word-oriented symmetric-key ciphers with SPN structures. However, this method cannot be applied directly to block ciphers with SPN structures whose diffusion layers are bitwise permutations (S-bP structures), because it ignores the diffusion effect produced jointly by the nonlinear substitution layers and the bitwise permutation layers. In this paper we extend Mouha et al.'s method to S-bP structures by introducing new representations for exclusive-or (XOR) differences that describe bit-level and word-level differences simultaneously, and by taking the collaborative diffusion effect of S-boxes and bitwise permutations into account. Our method is applied to the block cipher PRESENT-80, an international standard for lightweight symmetric-key cryptography, to automatically evaluate its security against differential attacks. We obtain lower bounds on the numbers of active S-boxes in the single-key model for full 31-round PRESENT-80 and in the related-key model for round-reduced PRESENT-80 up to 12 rounds, and therefore automatically prove that full-round PRESENT-80 is secure against single-key differential attack, and that the cost of a related-key differential attack on full-round PRESENT-80 is close to that of an exhaustive search: the probability of the best related-key differential characteristic for full PRESENT-80 is upper bounded by \(2^{-72}\).
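To make the modelling idea concrete, the following added example (not code from the paper or its authors) builds the single-key, bit-level MILP model of PRESENT that the abstract describes: one 0/1 variable per state-bit difference, one 0/1 activity variable per S-box, and the pLayer encoded purely as a renaming of bit variables so that the joint S-box/permutation diffusion is captured. The inequality families used are the standard ones for this line of work and are an assumption here, since the paper's exact constraints are not on this page; the branch number they rely on is derived from the S-box's DDT rather than hard-coded. The output is in CPLEX LP format, which the solvers cited below (CPLEX, Gurobi, SCIP) all read.

```python
# Added example: bit-level MILP model for the minimum number of active S-boxes
# of single-key PRESENT (an S-bP structure). Constraint families are an
# assumption (standard active-S-box modelling), not the paper's own listing.
from itertools import product

SBOX = [0xC, 5, 6, 0xB, 9, 0, 0xA, 0xD, 3, 0xE, 0xF, 8, 4, 7, 1, 2]
# PRESENT pLayer: state bit i moves to position 16*i mod 63 (bit 63 is fixed).
PLAYER = [16 * i % 63 if i < 63 else 63 for i in range(64)]


def branch_number():
    """Smallest wt(din)+wt(dout) over the transitions the DDT allows (PRESENT: 3)."""
    ddt = [[0] * 16 for _ in range(16)]
    for x, din in product(range(16), repeat=2):
        ddt[din][SBOX[x] ^ SBOX[x ^ din]] += 1
    return min(bin(a).count("1") + bin(b).count("1")
               for a, b in product(range(1, 16), repeat=2) if ddt[a][b])


def present_lp(rounds):
    """LP-format model whose optimum lower-bounds active S-boxes over `rounds`."""
    bn = branch_number()
    cons, acts = [], []

    def bit(r, i):            # difference variable of bit i entering round r
        return f"x_{r}_{i}"

    for r in range(rounds):
        for j in range(16):   # S-box j acts on bits 4j..4j+3
            a = f"A_{r}_{j}"
            acts.append(a)
            ins = [bit(r, 4 * j + k) for k in range(4)]
            # Output bit k of S-box j is wired by the pLayer straight into the
            # next round's input bit PLAYER[4j+k]: no extra variables needed.
            outs = [bit(r + 1, PLAYER[4 * j + k]) for k in range(4)]
            cons += [f"{a} - {v} >= 0" for v in ins + outs]  # nonzero bit => active
            cons.append(" + ".join(ins) + f" - {a} >= 0")    # active => some input bit
            cons.append(" + ".join(outs) + f" - {a} >= 0")   # bijective => some output bit
            cons.append(" + ".join(ins + outs) + f" - {bn} {a} >= 0")  # branch number
    cons.append(" + ".join(bit(0, i) for i in range(64)) + " >= 1")  # nonzero input diff
    binaries = acts + [bit(r, i) for r in range(rounds + 1) for i in range(64)]
    return ("Minimize\n obj: " + " + ".join(acts) + "\nSubject To\n "
            + "\n ".join(cons) + "\nBinary\n " + " ".join(binaries) + "\nEnd\n")


if __name__ == "__main__":
    print(present_lp(4))      # feed to `gurobi_cl` / `cplex` / `scip` to solve
```

The related-key model of the paper additionally needs variables for the key-schedule differences (its own S-box and rotation) XORed into each round input; those XOR nodes are where the bit/word difference representations of the abstract come in, and they are not modelled here.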


References

  1. Achterberg, T.: SCIP - a framework to integrate constraint and mixed integer programming. Report 04-19, Zuse Institute, Berlin (2004)

  2. Albrecht, M., Cid, C.: Cold boot key recovery by solving polynomial systems with noise. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 57–72. Springer, Heidelberg (2011)

  3. Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai, S., Nakajima, J., Tokita, T.: Camellia: A 128-bit block cipher suitable for multiple platforms - design and analysis. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 39–56. Springer, Heidelberg (2001)

  4. Biham, E.: New types of cryptanalytic attacks using related keys. J. Crypt. 7(4), 229–246 (1994)

  5. Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 12–23. Springer, Heidelberg (1999)

  6. Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. J. Crypt. 4(1), 3–72 (1991)

  7. Bogdanov, A.A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., Vikkelsoe, C.: PRESENT: An ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)

  8. Bogdanov, A., Rijmen, V.: Zero correlation linear cryptanalysis of block ciphers. IACR ePrint Archive, Report 2011/123 (2011)

  9. Borghoff, J., Canteaut, A., Güneysu, T., Kavun, E.B., Knezevic, M., Knudsen, L.R., Leander, G., Nikov, V., Paar, C., Rechberger, C., Rombouts, P., Thomsen, S.S., Yalçın, T.: PRINCE - a low-latency block cipher for pervasive computing applications. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 208–225. Springer, Heidelberg (2012)

  10. Borghoff, J., Knudsen, L.R., Stolpe, M.: Bivium as a mixed-integer linear programming problem. In: Parker, M.G. (ed.) Cryptography and Coding 2009. LNCS, vol. 5921, pp. 133–152. Springer, Heidelberg (2009)

  11. Bulygin, S., Walter, M.: Study of the invariant coset attack on PRINTcipher: more weak keys with practical key recovery. Cryptology ePrint Archive, Report 2012/85 (2012)

  12. IBM ILOG CPLEX: User manual for CPLEX 12. IBM Software Group (2011)

  13. Daemen, J., Rijmen, V.: The wide trail strategy. In: Honary, B. (ed.) The Design of Rijndael. Information Security and Cryptography, pp. 123–147. Springer, Heidelberg (2002)

  14. Daemen, J., Rijmen, V.: AES Proposal: Rijndael. In: Proceedings of the First Advanced Encryption Standard Candidate Conference, National Institute of Standards and Technology (NIST) (1998)

  15. Gurobi: Gurobi optimizer reference manual (2012). http://www.gurobi.com

  16. Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest we remember: cold-boot attacks on encryption keys. Commun. ACM 52(5), 91–98 (2009)

  17. Kanda, M.: Practical security evaluation against differential and linear cryptanalyses for Feistel ciphers with SPN round function. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 324–338. Springer, Heidelberg (2001)

  18. Kantorovich, L.V.: A new method of solving some classes of extremal problems. Dokl. Akad. Sci. USSR 28, 211–214 (1940)

  19. Knudsen, L., Leander, G., Poschmann, A., Robshaw, M.J.B.: PRINTcipher: a block cipher for IC-printing. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 16–32. Springer, Heidelberg (2010)

  20. Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)

  21. Matsui, M.: Differential path search of the block cipher E2. Technical report, ISEC99-19, pp. 57–64 (1999)

  22. Mouha, N., Wang, Q., Gu, D., Preneel, B.: Differential and linear cryptanalysis using mixed-integer linear programming. In: Wu, C.-K., Yung, M., Lin, D. (eds.) Inscrypt 2011. LNCS, vol. 7537, pp. 57–76. Springer, Heidelberg (2012)

  23. Emami, S., Ling, S., Nikolić, I., Pieprzyk, J., Wang, H.: The resistance of PRESENT-80 against related-key differential attacks. Cryptology ePrint Archive, Report 2013/522 (2013). http://eprint.iacr.org/

  24. Shibutani, K.: On the diffusion of generalized Feistel structures regarding differential and linear cryptanalysis. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 211–228. Springer, Heidelberg (2011)

  25. Walter, M., Bulygin, S., Buchmann, J.: Optimizing guessing strategies for algebraic cryptanalysis with applications to EPCBC. In: Kutyłowski, M., Yung, M. (eds.) Inscrypt 2012. LNCS, vol. 7763, pp. 175–197. Springer, Heidelberg (2013)

  26. Wu, S., Wang, M.: Security evaluation against differential cryptanalysis for block cipher structures. Cryptology ePrint Archive, Report 2011/551 (2011)

  27. Wu, W., Zhang, W., Lin, D.: On the security of generalized Feistel scheme with SP round function. Int. J. Netw. Secur. 3(3), 215–224 (2006)

  28. Yap, H., Khoo, K., Poschmann, A., Henricksen, M.: EPCBC - a block cipher suitable for electronic product code encryption. In: Lin, D., Tsudik, G., Wang, X. (eds.) CANS 2011. LNCS, vol. 7092, pp. 76–97. Springer, Heidelberg (2011)

  29. Zhang, M., Liu, J., Wang, X.: The upper bounds on differential characteristics in block cipher SMS4. Cryptology ePrint Archive, Report 2010/155 (2010)

Acknowledgements

The authors would like to thank the anonymous reviewers for their helpful comments and suggestions. The work of this paper was supported by the National Key Basic Research Program of China (2013CB834203), the National Natural Science Foundation of China (Grants 61070172, 10990011, and 61272477), and the Strategic Priority Research Program of Chinese Academy of Sciences under Grant XDA06010702.

Author information

Corresponding author

Correspondence to Siwei Sun.

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Sun, S., Hu, L., Song, L., Xie, Y., Wang, P. (2014). Automatic Security Evaluation of Block Ciphers with S-bP Structures Against Related-Key Differential Attacks. In: Lin, D., Xu, S., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2013. Lecture Notes in Computer Science, vol 8567. Springer, Cham. https://doi.org/10.1007/978-3-319-12087-4_3

  • DOI: https://doi.org/10.1007/978-3-319-12087-4_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-12086-7

  • Online ISBN: 978-3-319-12087-4

  • eBook Packages: Computer Science (R0)
