Reflection Cryptanalysis of PRINCE-Like Ciphers

PRINCE is a low-latency block cipher presented at ASIACRYPT 2012. The cipher was designed with a property called alpha-reflection which reduces the definition of the decryption with a given key to an encryption with a different but related key determined by alpha. In the design document, it was shown that PRINCE is secure against known attacks independently of the value of alpha, and the design criteria for alpha remained open. In this paper, we introduce new generic distinguishers on PRINCE-like ciphers. First, we show that, by folding the cipher in the middle, the number of rounds can be halved due to the alpha-reflection property. Furthermore, we investigate many classes of alpha and find the best differential characteristic for the folded cipher. For such alpha there exist an efficient key-recovery attack on the full 12-round cipher with the data complexity of 2(57.98) known plaintexts and time complexity of 2(72.39) encryptions. With the original value of alpha we can attack a reduced six-round version of PRINCE. As a result of the new cryptanalysis method presented in this paper, new design criteria concerning the selection of the value of alpha for PRINCE-like ciphers are obtained.