Published in: Journal of Cryptology 4/2019

02.04.2018

Nonlinear Invariant Attack: Practical Attack on Full SCREAM, iSCREAM, and Midori64

Authors: Yosuke Todo, Gregor Leander, Yu Sasaki

Abstract

In this paper, we introduce a new type of attack, called nonlinear invariant attack. As application examples, we present new attacks that are able to distinguish the full versions of the (tweakable) block ciphers Scream, iScream and Midori64 in a weak-key setting. Those attacks require only a handful of plaintext–ciphertext pairs and have minimal computational costs. Moreover, the nonlinear invariant attack on the underlying (tweakable) block cipher can be extended to a ciphertext-only attack in well-known modes of operation such as CBC or CTR. The plaintext of the authenticated encryption schemes SCREAM and iSCREAM can be practically recovered only from the ciphertexts in the nonce-respecting setting. This is the first result breaking a security claim of SCREAM. Moreover, the plaintext in Midori64 with well-known modes of operation can practically be recovered. All of our attacks are experimentally verified.

Footnotes

1. Note that throughout the paper, SCREAM always refers to the latest version, i.e., SCREAM (v3).
Metadata

Title: Nonlinear Invariant Attack: Practical Attack on Full SCREAM, iSCREAM, and Midori64
Authors: Yosuke Todo, Gregor Leander, Yu Sasaki
Publication date: 02.04.2018
Publisher: Springer US
Published in: Journal of Cryptology, Issue 4/2019
Print ISSN: 0933-2790
Electronic ISSN: 1432-1378
DOI: https://doi.org/10.1007/s00145-018-9285-0
