2011 | OriginalPaper | Chapter
Practical Attack on 8 Rounds of the Lightweight Block Cipher KLEIN
Authors : Jean-Philippe Aumasson, María Naya-Plasencia, Markku-Juhani O. Saarinen
Published in: Progress in Cryptology – INDOCRYPT 2011
Publisher: Springer Berlin Heidelberg
Activate our intelligent search to find suitable subject content or patents.
Select sections of text to find matching patents with Artificial Intelligence. powered by
Select sections of text to find additional relevant content using AI-assisted search. powered by
KLEIN is a family of lightweight block ciphers presented at RFIDSec 2011 that combines a 4-bit Sbox with Rijndael’s byte-oriented MixColumn. This approach allows compact implementations of KLEIN in both low-end software and hardware. This paper shows that interactions between those two components lead to the existence of differentials of unexpectedly high probability: using an iterative collection of differential characteristics and neutral bits in plaintexts, we find conforming pairs for four rounds with amortized cost below 2
12
encryptions, whereas at least 2
30
was expected by the preliminary analysis of KLEIN. We exploit this observation by constructing practical (≈ 2
35
-encryption), experimentally verified, chosen-plaintext key-recovery attacks on up to 8 rounds of KLEIN-64—the instance of KLEIN with 64-bit keys and 12 rounds.