Cube Cryptanalysis of LBlock with Noisy Leakage

  • Zhenqi Li
  • Bin Zhang
  • Yuan Yao
  • Dongdai Lin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7839)


In this paper, we present some side channel cube attacks on LBlock, a lightweight block cipher proposed at ACNS 2011. It is shown that in the single bit leakage model, 14 bits of the secret key can be recovered with 210.7 time and 27.6 chosen plaintexts, captured the 44th state bit of the third round. In the Hamming weight leakage model, the full 80-bit key can be retrieved with only 210 32-round LBlock encryptions and 211.1 chosen plaintexts, given the leakage of the second least significant bit (LSB) of the Hamming weight after the third round. We also provide a rigorous analysis on the error tolerance probabilities of our attacks and show that the full 80-bit key can be restored in 230 32-round LBlock encryptions with 28.5 chosen plaintexts and at most 5.5% of the noisy leaked bits in the LSB of the Hamming weight after the second round. Many of the ideas in our attacks are applicable to other block ciphers as well.


Cryptanalysis Cube attack Side channel attack LBlock 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Blum, M., Luby, M., Rubinfeld, R.: Self-testing/correcting with applications to numerical problems. Journal of Computer and System Sciences 47, 549–595 (1993)CrossRefzbMATHMathSciNetGoogle Scholar
  2. 2.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., Vikkelsoe, C.: PRESENT: An ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  3. 3.
    Courtois, N.T., Sepehrdad, P., Sušil, P., Vaudenay, S.: ElimLin Algorithm Revisited. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 306–325. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  4. 4.
    De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN — A Family of Small and Efficient Hardware-Oriented Block Ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  5. 5.
    Dinur, I., Shamir, A.: Cube Attacks on Tweakable Black Box Polynomials. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 278–299. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  6. 6.
    Dinur, I., Shamir, A.: Side Channel Cube Attacks on Block Ciphers. Cryptology ePrint Archive. Report 2009/127 (2009)Google Scholar
  7. 7.
    Farebrother, R.W.: Linear Least Squares Computations. STATISTICS: Textbooks and Monographs. Marcel Dekker (1988) ISBN 978-0-8247-7661-9Google Scholar
  8. 8.
    Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.: The LED Block Cipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 326–341. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  9. 9.
    Hong, D., Sung, J., Hong, S., Lim, J., Lee, S., Koo, B.-S., Lee, C., Chang, D., Lee, J., Jeong, K., Kim, H., Kim, J., Chee, S.: HIGHT: A New Block Cipher Suitable for Low-Resource Device. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 46–59. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  10. 10.
    Izadi, M., Sadeghiyan, B., Sadeghian, S.S., Khanooki, H.A.: MIBS: A New Lightweight Block Cipher. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 334–348. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  11. 11.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  12. 12.
    Lai, X.: Higher Order Derivatives and Differential Cryptanalysis. In: Communications and Cryptography: Two Sides of One Tapestry, p. 227 (1994)Google Scholar
  13. 13.
    Leander, G., Paar, C., Poschmann, A., Schramm, K.: New Lightweight DES Variants. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 196–210. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  14. 14.
    Zhao, L., Nishide, T., Sakurai, K.: Differential Fault Analysis of Full LBlock. In: Schindler, W., Huss, S.A. (eds.) COSADE 2012. LNCS, vol. 7275, pp. 135–150. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  15. 15.
    Yang, L., Wang, M., Qiao, S.: Side Channel Cube Attack on PRESENT. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 379–391. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  16. 16.
    Luby, M.G., Mitzenmacher, M., Shokrollahi, M.A., Spielman, D.A.: Efficient erasure correcting codes. IEEE Transactions on Information Theory 47(2), 569–584 (2001)CrossRefzbMATHMathSciNetGoogle Scholar
  17. 17.
    Marine, M., Maria, N.P.: A related key impossible differential attack against 22 rounds of the lightweight block cipher LBlock. Information Processing Letters 112(16), 624–629 (2012)CrossRefzbMATHMathSciNetGoogle Scholar
  18. 18.
    Ojha, S.K., Kumar, N., Jain, K., Sangeeta: TWIS - A Lightweight Block Cipher. In: Prakash, A., Sen Gupta, I. (eds.) ICISS 2009. LNCS, vol. 5905, pp. 280–291. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  19. 19.
    Kocher, P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  20. 20.
    Quisquater, J.J., Samyde, D.: A new tool for non-intrusive analysis of smart cards based on electro-magnetic emissions: the SEMA and DEMA methods(EB/OL). Eurocrypt rump session (2000)Google Scholar
  21. 21.
    Robshaw, M.J.B.: Searching for Compact Algorithms: cgen. In: Nguyen, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 37–49. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  22. 22.
    Shekh Faisal, A.-L., Mohammad, R.R., Willy, S., Jennifer, S.: Extended Cubes: Enhancing the cube attack by Extracting Low-Degree Non-linear Equations. In: Cheung, B., Hui, L.C.K., Sandhu, R., Wong, D.S. (eds.) ASIACCS 2011, pp. 296–305 (2011)Google Scholar
  23. 23.
    Shibutani, K., Isobe, T., Hiwatari, H., Mitsuda, A., Akishita, T., Shirai, T.: Piccolo: An Ultra-Lightweight Blockcipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 342–357. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  24. 24.
    Standaert, F.-X., Piret, G., Gershenfeld, N., Quisquater, J.-J.: SEA: A Scalable Encryption Algorithm for Small Embedded Applications. In: Domingo-Ferrer, J., Posegga, J., Schreckling, D. (eds.) CARDIS 2006. LNCS, vol. 3928, pp. 222–236. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  25. 25.
    Suzaki, T., Minematsu, K., Morioka, S., Kobayashi, E.: TWINE: A Lightweight, Versatile Block Cipher. In: ECRYPT Workshop on Lightweight Cryptography (November 2011)Google Scholar
  26. 26.
    Vielhaber, M.: Breaking ONE.TRIVIUM by AIDA and Algebraic IV Differential Attack. IACR Cryptology ePrint Archive, 413 (2007)Google Scholar
  27. 27.
    Vielhaber, M.: AIDA Breaks (BIVIUM A and B) in 1 Minute Dual Core CPU Time. IACR Cryptology ePrint Archive, 402 (2009)Google Scholar
  28. 28.
    Wu, W., Zhang, L.: LBlock: A Lightweight Block Cipher. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 327–344. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  29. 29.
    Liu, Y., Gu, D., Liu, Z., Li, W.: Impossible Differential Attacks on Reduced-Round LBlock. In: Ryan, M.D., Smyth, B., Wang, G. (eds.) ISPEC 2012. LNCS, vol. 7232, pp. 97–108. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  30. 30.
    Zhao, X.J., Wang, T., Guo, S.Z.: Improved Side Channel Cube Attacks on PRESENT. Cryptology ePrint Archive. Report 2011/165 (2011)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Zhenqi Li
    • 1
  • Bin Zhang
    • 2
  • Yuan Yao
    • 1
  • Dongdai Lin
    • 2
  1. 1.Institute of SoftwareChinese Academy of SciencesBeijingChina
  2. 2.SKLOIS, Institute of Information EngineeringChinese Academy of SciencesBeijingChina

Personalised recommendations