10 results sorted by ID
Improved Linear Key Recovery Attacks on PRESENT
Wenhui Wu, Muzhou Li, Meiqin Wang
Secret-key cryptography
PRESENT is an ultra-lightweight block cipher designed by Bogdanov et al., and has been widely studied since its proposal. It supports 80-bit and 128-bit keys, which are referred to as PRESENT-80 and PRESENT-128, respectively. Up to now, linear cryptanalysis is the most effective method for attacking this cipher, especially when accelerated with the pruned Walsh transform. Combining pruned Walsh transform with multiple linear attacks, one can recover the right key for 28-round PRESENT-80 and -128....
Efficient and Extensive Search Linear Approximations with High for Precise Correlations of Full SNOW-V
ZhaoCun Zhou, DengGuo Feng, Bin Zhang
Secret-key cryptography
SNOW-V is a stream cipher recently designed for 5G communication system. In this paper, we propose two efficient algorithms to evaluate the precise correlation of SNOW-V's two main nonlinear components with linear hull effects fully considered. Based on these algorithms, we could efficiently and extensively search much more linear masks than before. The ideas of these algorithms can be generalized to other similar nonlinear components in symmetric cipher. We apply our algorithms to full...
Improved Attacks on GIFT-64
Ling Sun, Wei Wang, Meiqin Wang
Secret-key cryptography
One of the well-known superiorities of GIFT-64 over PRESENT lies in the correction of the strong linear hull effect. However, apart from the investigation of the 9-round linear hull effect in the design document, we find no linear attack result on GIFT-64. Although we do not doubt the security of GIFT-64 regarding the linear cryptanalysis, the actual resistance of the cipher to the linear attack should be evaluated since it promotes a comprehensive perception of the soundness of GIFT-64....
How to Backdoor a Cipher
Raluca Posteuca, Tomer Ashur
Secret-key cryptography
Newly designed block ciphers are required to show resistance against known attacks, e.g., linear and differential cryptanalysis. Two widely used methods to do this are to employ an automated search tool (e.g., MILP, SAT/SMT, etc.) and/or provide a wide-trail argument. In both cases, the core of the argument consists of bounding the transition probability of the statistical property over an isolated non-linear operation, then multiply it by the number of such operations (e.g., number of...
Zero-Correlation Attacks on Tweakable Block Ciphers with Linear Tweakey Expansion
Ralph Ankele, Christoph Dobraunig, Jian Guo, Eran Lambooij, Gregor Leander, Yosuke Todo
Secret-key cryptography
The design and analysis of dedicated tweakable block ciphers is a quite recent and very active research field that provides an ongoing stream of new insights. For instance, results of Kranz, Leander, and Wiemer from FSE 2017 show that the addition of a tweak using a linear tweak schedule does not introduce new linear characteristics. In this paper, we consider (to the best of our knowledge) for the first time the effect of the tweak on zero-correlation linear cryptanalysis for ciphers...
Capacity and Data Complexity in Multidimensional Linear Attack
Jialin Huang, Serge Vaudenay, Xuejia Lai, Kaisa Nyberg
Secret-key cryptography
Multidimensional linear attacks are one of the most powerful variants of linear cryptanalytic techniques now. However, there is no knowledge on the key-dependent capacity and data complexity so far. Their values were assumed to be close to the average value for a vast majority of keys. This assumption is not accurate. In this paper, under a reasonable condition, we explicitly formulate the capacity as a Gamma distribution and the data complexity as an Inverse Gamma distribution, in terms of...
Improved Linear Cryptanalysis of Reduced-round SIMON
Mohamed Ahmed Abdelraheem, Javad Alizadeh, Hoda A. Alkhzaimi, Mohammad Reza Aref, Nasour Bagheri, Praveen Gauravaram, Martin M. Lauridsen
SIMON is a family of ten lightweight block ciphers published by Beaulieu et al. from U.S. National Security Agency (NSA). In this paper we investigate the security of SIMON against different variants of linear cryptanalysis techniques, i.e. classical and multiple linear cryptanalysis and linear hulls. We present a connection between linear- and differential characteristics as well as differentials and linear hulls in SIMON. We employ it to adapt the current known results on differential...
More on linear hulls of PRESENT-like ciphers and a cryptanalysis of full-round EPCBC-96
Stanislav Bulygin
Secret-key cryptography
In this paper we investigate the linear hull effect in the light-weight block cipher EPCBC. We give an efficient method of computing linear hulls with high capacity. We then apply found hulls to derive attacks on the full 32 rounds of EPCBC-96 and 20 rounds of EPCBC-48. Using the developed methods we revise the work of J.Y. Cho from 2010 and obtain an attack based on multidimensional linear approximations on 26 rounds of PRESENT-128. The results show that designers of block ciphers should...
Exploiting Linear Hull in Matsui’s Algorithm 1 (extended version)
Andrea Röck, Kaisa Nyberg
Secret-key cryptography
We consider linear approximations of an iterated block cipher in the presence of several strong linear approximation trails. The effect of such trails in Matsui’s Algorithm 2, also called the linear hull effect, has been previously studied by a number of authors. However, the effect on Matsui’s Algorithm 1 has not been investigated until now. In this paper, we fill this gap and examine how to exploit the linear hull in Matsui’s Algorithm 1. We develop the mathematical framework for this kind...
Effect of the Dependent Paths in Linear Hull
Zhenli Dai, Meiqin Wang, Yue Sun
Linear Hull is a phenomenon that there are a lot of linear paths with the same data mask but different key masks for a block cipher. In 1994, K. Nyberg presented the effect on the key-recovery attack such as Algorithm 2 with linear hull, in which the required number of the known plaintexts can be decreased compared with that in the attack using an individual linear path. In 2009, S. Murphy proved that K. Nyberg's results can only be used to give a lower bound on the data complexity and will...