
Full round distinguishing and key-recovery attacks on SAND-2. (English) Zbl 07883565

Ge, Chunpeng (ed.) et al., Information security and cryptology. 19th international conference, Inscrypt 2023, Hangzhou, China, December 9–10, 2023. Revised selected papers. Part II. Singapore: Springer. Lect. Notes Comput. Sci. 14527, 230-250 (2024).
Summary: This paper presents full round distinguishing and key recovery attacks on the lightweight block cipher SAND-2, which has a 64-bit block size and a 128-bit key size and appears to be a mixture of the AND-Rotation-XOR (AND-RX) based ciphers SAND and ANT. However, security arguments against linear and some other attacks are not fully provided for it. In this paper, we find that combining a SAND-like nibble-based round function with ANT-like bit-based permutations causes dependencies that lead to iterative linear and differential trails with high probabilities. By exploiting these, full round distinguishing attacks on SAND-2 work with \(2^{46}\) queries for linear and \(2^{58.60}\) queries for differential cryptanalysis in the single-key setting. Full round key recovery attacks are then also mounted, with time complexity \(2^{48.23}\) for linear and \(2^{64.10}\) for differential cryptanalysis. It should be noted that the dependency observed in this paper only applies to SAND-2 and does not threaten SAND or ANT. From the designers' point of view, our attacks show the risk of mixing parts of different designs, even though each of them has been well studied and is considered secure on its own.
For the entire collection see [Zbl 1541.94006].

MSC:

94A60 Cryptography

Software:

SIMECK; SKINNY; SIMON
