Integral Cryptanalysis on Lightweight Block Cipher WARP Based on the Algebraic Structure Perspective

Authors
Xing Z. [1, 2]
Zhang W. [1]
Cao M. [3]
Affiliations
[1] School of Information Science and Engineering, Shandong Normal University, Jinan
[2] School of Sciences, Shandong Jiaotong University, Jinan
[3] School of Information Engineering, Shandong Management University, Jinan
Funding
National Natural Science Foundation of China
Keywords
algebraic structure; Feistel-SP block cipher; integral attack; integral distinguisher; WARP;
DOI
10.7544/issn1000-1239.202111169
Abstract
In the industrial Internet that incorporates the Internet of things and 5G network technologies, end devices generate enormous amounts of data. The secure transmission of the data requires lightweight ciphers dedicated to such resource-constrained environments. Furthermore, the security evaluation of newly proposed lightweight ciphers is crucial to secure the industrial Internet. An improved integral property for ciphers with a particular structure is proposed by using the multivariate polynomial technique in this study. By using the proposed integral property, longer integral distinguishers are constructed, which improve the integral analysis from the algebraic structure perspective. A framework for constructing integral distinguishers of SPN and Feistel-SP block ciphers from the algebraic structure perspective is given. It is applied to the integral analysis of the lightweight block cipher WARP proposed by Banik et al. in SAC 2020. As a result, two 22-round integral distinguishers with data complexity 2^116 are constructed, which are two rounds longer than the distinguishers given by the designers, with less complexity. Based on the 22-round distinguishers, a 26-round key-recovery attack is proposed, which is five rounds more than the one given by the designers. To the best of our knowledge, this is thus far the best known key-recovery attack on WARP in the single-key scenario. In addition, experimental verification of an 18-round integral distinguisher is carried out with the data complexity 2^32. © 2023 Science Press. All rights reserved.
Pages: 860-872
Page count: 12
Related papers
23 in total
  • [1] Bogdanov A, Knudsen L R, Leander G, et al., PRESENT: An ultra-lightweight block cipher[G], LNCS 4727: Proc of the 9th Int Workshop on Cryptographic Hardware and Embedded Systems, pp. 450-466, (2007)
  • [2] Wenling Wu, Zhang Lei, LBlock: A lightweight block cipher[G], LNCS 6715: Proc of the 9th Int Conf on Applied Cryptography and Network Security, pp. 327-344, (2011)
  • [3] Wei Li, Yixin Wu, Dawu Gu, et al., Ciphertext-only fault analysis of the LBlock lightweight cipher[J], Journal of Computer Research and Development, 55, 10, pp. 2174-2184, (2018)
  • [4] Banik S, Pandey S K, Peyrin T, et al., GIFT: A small present-towards reaching the limit of lightweight encryption[G], LNCS 10529: Proc of the 19th Int Conf on Cryptographic Hardware and Embedded Systems, pp. 321-345, (2017)
  • [5] Banik S, Bao Zhenzhen, Isobe T, et al., WARP: Revisiting GFN for lightweight 128-bit block cipher[G], LNCS 12804: Proc of the 27th Int Conf on Selected Areas in Cryptography, pp. 535-564, (2020)
  • [6] Kumar M, Yadav T., MILP based differential attack on round reduced WARP[G], LNCS 13162: Proc of the 11th Int Conf on Security, Privacy, and Applied Cryptography Engineering, pp. 42-59, (2021)
  • [7] Teh J S, Biryukov A., Differential cryptanalysis of WARP
  • [8] Daemen J, Knudsen L, Rijmen V., The block cipher SQUARE[G], LNCS 1267: Proc of the 4th Int Workshop on Fast Software Encryption, pp. 149-165, (1997)
  • [9] Knudsen L, Wagner D., Integral cryptanalysis[G], LNCS 2365: Proc of the 9th Int Workshop on Fast Software Encryption, pp. 112-127, (2002)
  • [10] Todo Y., Structural evaluation by generalized integral property[G], LNCS 9056: Proc of the 34th Annual Int Conf on the Theory and Applications of Cryptographic Techniques, pp. 287-314, (2015)