Symbolic-Like Computation and Conditional Differential Cryptanalysis of QUARK
At ASIACRYPT 2010, Knellwolf et al. proposed a general analysis of NFSR-based cryptosystems, called conditional differential cryptanalysis. The main idea of this technique is to impose conditions on the internal state to get a deterministic differential characteristic for a large number of rounds. In this paper, we propose a method, called symbolic-like computation, to simulate the differential propagation of an iterated cryptosystem. By coding the internal state bits and modeling the bit operations, it can determine the constantness of the differential expression with linear time complexity. Based on this method, we can obtain a list of good input differences. We apply this technique to the conditional differential cryptanalysis of QUARK, a family of lightweight hash functions proposed by Aumasson et al. at CHES 2010. By controlling the propagation of differences both backwards and forwards, we can observe the bias of output difference at a higher round. Eventually, we can distinguish U-QUARK/D-QUARK/S-QUARK/C-QUARK up to 155/166/259/452 rounds respectively. Our distinguishers are very practical and have been fully verified by experiments on a single PC. To the best of our knowledge, all these results are the best thus far.
KeywordsCryptanalysis Conditional differential cryptanalysis NFSR Symbolic-like computation QUARK
We are grateful to Ming Li, Xiaojuan Zhang, and anonymous reviewers of IWSEC 2018 for their fruitful discussions and helpful comments.
- 1.Aumasson, J.P.: Github - veorq/quark: Lightweight cryptographic hash functions (reference code). https://github.com/veorq/Quark/
- 4.Aumasson, J.P., Knellwolf, S., Meier, W.: Heavy Quark for secure AEAD. DIAC-Directions in Authenticated Ciphers (2012)Google Scholar
- 8.De Cannière, C.: Trivium: a stream cipher construction inspired by block cipher design principles. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 171–186. Springer, Heidelberg (2006). https://doi.org/10.1007/11836810_13CrossRefGoogle Scholar
- 9.De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN — A family of small and efficient hardware-oriented block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04138-9_20CrossRefzbMATHGoogle Scholar
- 22.Watanabe, Y., Todo, Y., Morii, M.: New conditional differential cryptanalysis for NLFSR-based stream ciphers and application to Grain v1. In: 2016 11th Asia Joint Conference on Information Security (AsiaJCIS), pp. 115–123. IEEE (2016)Google Scholar