Cryptanalysis of full PRIDE block cipher
PRIDE is a lightweight block cipher proposed at CRYPTO 2014 by Albrecht et al., who claimed that the construction of linear layers is efficient and secure. In this paper, we investigate the key schedule and find eight 2-round iterative related-key differential characteristics, which can be used to c...
Uloženo v:
| Vydáno v: | Science China. Information sciences Ročník 60; číslo 5; s. 165 - 176 |
|---|---|
| Hlavní autoři: | , |
| Médium: | Journal Article |
| Jazyk: | angličtina |
| Vydáno: |
Beijing
Science China Press
01.05.2017
Springer Nature B.V |
| Témata: | |
| ISSN: | 1674-733X, 1869-1919 |
| On-line přístup: | Získat plný text |
| Tagy: |
Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
|
| Shrnutí: | PRIDE is a lightweight block cipher proposed at CRYPTO 2014 by Albrecht et al., who claimed that the construction of linear layers is efficient and secure. In this paper, we investigate the key schedule and find eight 2-round iterative related-key differential characteristics, which can be used to construct 18-round related-key differentials. A study of the first subkey derivation function reveals that there exist three weak-key classes, as a result of which all the differences of subkeys for each round are identical. For the weak-key classes,we also find eight 2-round iterative related-key differential characteristics. Based on one of the related-key differentials, we launch an attack on the full PRIDE block cipher. The data and time complexity are 2^39 chosen plaintexts and 2^92 encryptions, respectively. Moreover, by using multiple related-key differentials, we improve the cryptanalysis, which then requires 2^41.6 chosen plaintexts and 2^42.7 encryptions, respectively. Finally, we use two 17-round related-key differentials to analyze full PRIDE, which requires 2^35 plaintexts and 2^54.7 encryptions.These are the first results on full PRIDE, and show that the PRIDE block cipher is not secure against related-key differential attack. |
|---|---|
| Bibliografie: | 11-5847/TP PRIDE is a lightweight block cipher proposed at CRYPTO 2014 by Albrecht et al., who claimed that the construction of linear layers is efficient and secure. In this paper, we investigate the key schedule and find eight 2-round iterative related-key differential characteristics, which can be used to construct 18-round related-key differentials. A study of the first subkey derivation function reveals that there exist three weak-key classes, as a result of which all the differences of subkeys for each round are identical. For the weak-key classes,we also find eight 2-round iterative related-key differential characteristics. Based on one of the related-key differentials, we launch an attack on the full PRIDE block cipher. The data and time complexity are 2^39 chosen plaintexts and 2^92 encryptions, respectively. Moreover, by using multiple related-key differentials, we improve the cryptanalysis, which then requires 2^41.6 chosen plaintexts and 2^42.7 encryptions, respectively. Finally, we use two 17-round related-key differentials to analyze full PRIDE, which requires 2^35 plaintexts and 2^54.7 encryptions.These are the first results on full PRIDE, and show that the PRIDE block cipher is not secure against related-key differential attack. cryptanalysis, block cipher, PRIDE, iterative characteristics, related-key differential ObjectType-Article-1 SourceType-Scholarly Journals-1 ObjectType-Feature-2 content type line 14 |
| ISSN: | 1674-733X 1869-1919 |
| DOI: | 10.1007/s11432-015-5487-3 |