Symbolic-Like Computation and Conditional Differential Cryptanalysis of QUARK

  • Jingchun Yang
  • Meicheng Liu
  • Dongdai LinEmail author
  • Wenhao Wang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11049)


At ASIACRYPT 2010, Knellwolf et al. proposed a general analysis of NFSR-based cryptosystems, called conditional differential cryptanalysis. The main idea of this technique is to impose conditions on the internal state to get a deterministic differential characteristic for a large number of rounds. In this paper, we propose a method, called symbolic-like computation, to simulate the differential propagation of an iterated cryptosystem. By coding the internal state bits and modeling the bit operations, it can determine the constantness of the differential expression with linear time complexity. Based on this method, we can obtain a list of good input differences. We apply this technique to the conditional differential cryptanalysis of QUARK, a family of lightweight hash functions proposed by Aumasson et al. at CHES 2010. By controlling the propagation of differences both backwards and forwards, we can observe the bias of output difference at a higher round. Eventually, we can distinguish U-QUARK/D-QUARK/S-QUARK/C-QUARK up to 155/166/259/452 rounds respectively. Our distinguishers are very practical and have been fully verified by experiments on a single PC. To the best of our knowledge, all these results are the best thus far.


Cryptanalysis Conditional differential cryptanalysis NFSR Symbolic-like computation QUARK 



We are grateful to Ming Li, Xiaojuan Zhang, and anonymous reviewers of IWSEC 2018 for their fruitful discussions and helpful comments.


  1. 1.
    Aumasson, J.P.: Github - veorq/quark: Lightweight cryptographic hash functions (reference code).
  2. 2.
    Aumasson, J.-P., Henzen, L., Meier, W., Naya-Plasencia, M.: Quark: a lightweight hash. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 1–15. Springer, Heidelberg (2010). Scholar
  3. 3.
    Aumasson, J.P., Henzen, L., Meier, W., Naya-Plasencia, M.: Quark: a lightweight hash. J. Cryptol. 26(2), 313–339 (2013)MathSciNetCrossRefGoogle Scholar
  4. 4.
    Aumasson, J.P., Knellwolf, S., Meier, W.: Heavy Quark for secure AEAD. DIAC-Directions in Authenticated Ciphers (2012)Google Scholar
  5. 5.
    Banik, S.: Conditional differential cryptanalysis of 105 round Grain v1. Crypt. Commun. 8(1), 113–137 (2016)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the indifferentiability of the sponge construction. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 181–197. Springer, Heidelberg (2008). Scholar
  7. 7.
    Biryukov, A., Lamberger, M., Mendel, F., Nikolić, I.: Second-order differential collisions for reduced SHA-256. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 270–287. Springer, Heidelberg (2011). Scholar
  8. 8.
    De Cannière, C.: Trivium: a stream cipher construction inspired by block cipher design principles. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 171–186. Springer, Heidelberg (2006). Scholar
  9. 9.
    De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN — A family of small and efficient hardware-oriented block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009). Scholar
  10. 10.
    Dinur, I., Shamir, A.: Cube attacks on tweakable black box polynomials. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 278–299. Springer, Heidelberg (2009). Scholar
  11. 11.
    Dinur, I., Shamir, A.: Breaking Grain-128 with dynamic cube attacks. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 167–187. Springer, Heidelberg (2011). Scholar
  12. 12.
    Hell, M., Johansson, T., Maximov, A., Meier, W.: The Grain family of stream ciphers. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 179–190. Springer, Heidelberg (2008). Scholar
  13. 13.
    Knellwolf, S., Meier, W., Naya-Plasencia, M.: Conditional differential cryptanalysis of NLFSR-based cryptosystems. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 130–145. Springer, Heidelberg (2010). Scholar
  14. 14.
    Knudsen, L.R.: Truncated and higher order differentials. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 196–211. Springer, Heidelberg (1995). Scholar
  15. 15.
    Lai, X.: Higher order derivatives and differential cryptanalysis. In: Blahut, R.E., Costello, D.J., Maurer, U., Mittelholzer, T. (eds.) Communications and Cryptography. SECS, vol. 276, pp. 227–233. Springer, Boston (1994). Scholar
  16. 16.
    Ma, Z., Tian, T., Qi, W.F.: Conditional differential attacks on Grain-128a stream cipher. IET Inf. Secur. 11(3), 139–145 (2016)CrossRefGoogle Scholar
  17. 17.
    Ma, Z., Tian, T., Qi, W.F.: Improved conditional differential attacks on Grain v1. IET Inf. Secur. 11(1), 46–53 (2016)CrossRefGoogle Scholar
  18. 18.
    Stein, W., Joyner, D.: Sage: system for algebra and geometry experimentation. ACM SIGSAM Bull. 39(2), 61–64 (2005)CrossRefGoogle Scholar
  19. 19.
    Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005). Scholar
  20. 20.
    Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005). Scholar
  21. 21.
    Watanabe, Y., Isobe, T., Morii, M.: Conditional differential cryptanalysis for Kreyvium. In: Pieprzyk, J., Suriadi, S. (eds.) ACISP 2017. LNCS, vol. 10342, pp. 421–434. Springer, Cham (2017). Scholar
  22. 22.
    Watanabe, Y., Todo, Y., Morii, M.: New conditional differential cryptanalysis for NLFSR-based stream ciphers and application to Grain v1. In: 2016 11th Asia Joint Conference on Information Security (AsiaJCIS), pp. 115–123. IEEE (2016)Google Scholar
  23. 23.
    Zhang, K., Guan, J., Fei, X.: Improved conditional differential cryptanalysis. Secur. Commun. Netw. 8(9), 1801–1811 (2015)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Jingchun Yang
    • 1
    • 2
  • Meicheng Liu
    • 1
    • 2
  • Dongdai Lin
    • 1
    • 2
    Email author
  • Wenhao Wang
    • 1
    • 2
  1. 1.State Key Laboratory of Information Security, Institute of Information EngineeringChinese Academy of SciencesBeijingChina
  2. 2.School of Cyber SecurityUniversity of Chinese Academy of SciencesBeijingChina

Personalised recommendations