Multi-differential Cryptanalysis on Reduced DM-PRESENT-80: Collisions and Other Differential Properties
The current paper studies differential properties of the compression function of reduced-round DM-PRESENT-80, which was proposed at CHES 2008 as a lightweight hash function with 64-bit digests. Our main result is a collision attack on 12 rounds with a complexity of 2^29.18 12-round DM-PRESENT computations. Then, the attack is extended to an 18-round distinguisher and a 12-round second preimage attack. In our analysis, the differential characteristic is satisfied by the start-from-the-middle approach. Our success lies in the detailed analysis of the data transition, where the internal state and message values are carefully chosen so that a differential characteristic for 5 rounds can be satisfied with complexity 1 on average. In order to reduce the attack complexity, we consider as many techniques as possible: the multi-inbound technique, the early-aborting technique, precomputation of look-up tables, and multi-differential characteristics.
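As an added example (not code from the paper or from the DM-PRESENT-80 designers), the analysed primitive itself: PRESENT-80 in Davies-Meyer mode, with a `rounds` parameter so the 12-round compression function the paper attacks can be instantiated. The S-box, bit permutation and key schedule follow the PRESENT specification; the attack is not implemented here.

```python
# Added example: DM-PRESENT-80 compression function (PRESENT-80 in Davies-Meyer mode),
# with a round-count parameter so reduced-round variants can be instantiated.
# Follows the PRESENT specification (64-bit block, 80-bit key, 31 rounds by default).

SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
MASK64 = (1 << 64) - 1
MASK80 = (1 << 80) - 1

def sbox_layer(state):
    """Apply the 4-bit S-box to each of the 16 nibbles of the 64-bit state."""
    out = 0
    for i in range(16):
        out |= SBOX[(state >> (4 * i)) & 0xF] << (4 * i)
    return out

def p_layer(state):
    """Bit permutation: bit i moves to position 16*i mod 63 (bit 63 stays put)."""
    out = 0
    for i in range(64):
        j = 63 if i == 63 else (16 * i) % 63
        out |= ((state >> i) & 1) << j
    return out

def round_keys_80(key, rounds):
    """PRESENT-80 key schedule: returns rounds+1 subkeys K_1 .. K_{rounds+1}."""
    keys = []
    for i in range(1, rounds + 2):
        keys.append(key >> 16)                                   # leftmost 64 bits
        key = ((key << 61) | (key >> 19)) & MASK80               # rotate left by 61
        key = (SBOX[key >> 76] << 76) | (key & ((1 << 76) - 1))  # S-box on top nibble
        key ^= i << 15                                           # XOR round counter
    return keys

def present80_encrypt(block, key, rounds=31):
    """Encrypt a 64-bit block under an 80-bit key with the given number of rounds."""
    keys = round_keys_80(key & MASK80, rounds)
    state = block & MASK64
    for r in range(rounds):
        state = p_layer(sbox_layer(state ^ keys[r]))
    return state ^ keys[rounds]                                  # final key whitening

def dm_present80(h, m, rounds=31):
    """Davies-Meyer: h_i = E_{m_i}(h_{i-1}) XOR h_{i-1}, the 80-bit block m used as key."""
    return present80_encrypt(h, m, rounds) ^ (h & MASK64)
```

With `rounds=12`, `dm_present80` is the 12-round compression function whose collision complexity the abstract states; a full-round call against the PRESENT test vectors checks the implementation.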
Keywords: DM-PRESENT-80, Collision, Second preimage, Multi-differential cryptanalysis, Rebound attack