Search CORE

6 research outputs found

Improved Linear Cryptanalysis of Reduced-Round MIBS

Author: A. Bay
A. Biryukov
B. Collard
B.S. Kaliski Jr.
J.Y. Cho
L.R. Knudsen
M. Hermelin
M. Hermelin
M. Hermelin
M. Hermelin
M. Izadi
M. Matsui
M. Matsui
M. Matsui
P.H. Nguyen
S. Murphy
T. Baignères
Publication venue: 'Springer Science and Business Media LLC'
Publication date: 01/01/2014
Field of study

MIBS is a 32-round lightweight block cipher with 64-bit block size and two different key sizes, namely 64-bit and 80-bit keys. Bay et al. provided the first impossible differential, differential and linear cryptanalyses of MIBS. Their best attack was a linear attack on the 18-round MIBS-80. In this paper, we significantly improve their attack by discovering more approximations and mounting Hermelin et al.'s multidimensional linear cryptanalysis. We also use Nguyen et al.'s technique to have less time complexity. We attack on 19 rounds of MIBS-80 with a time complexity of 2^{74.23} 19-round MIBS-80 encryptions by using 2^{57.87} plaintext-ciphertext pairs. To the best of our knowledge, the result proposed in this paper is the best cryptanalytic result for MIBS, so far

Infoscience - École polytechnique fédérale de Lausanne

Crossref

ElimLin Algorithm Revisited

Author: A. Bay
A. Bogdanov
A. Bogdanov
B. Buchberger
C. Cannière De
D. Engels
H. Raddum
I. Dinur
I. Dinur
J. Faugère
J. Guo
J. Guo
J. Nakahara Jr.
J.-P. Aumasson
K. Shibutani
L. Knudsen
M. Izadi
N.T. Courtois
N.T. Courtois
N.T. Courtois
N.T. Courtois
N.T. Courtois
N.T. Courtois
N.T. Courtois
N.T. Courtois
O. Dunkelman
S. Indesteege
S. Murphy
W. Wu
Z. Gong
Publication venue: 'Springer Science and Business Media LLC'
Publication date: 01/01/2012
Field of study

ElimLin is a simple algorithm for solving polynomial systems of multivariate equations over small finite fields. It was initially proposed as a single tool by Courtois to attack DES. It can reveal some hidden linear equations existing in the ideal generated by the system. We report a number of key theorems on ElimLin. Our main result is to characterize ElimLin in terms of a sequence of intersections of vector spaces. It implies that the linear space generated by ElimLin is invariant with respect to any variable ordering during elimination and substitution. This can be seen as surprising given the fact that it eliminates variables. On the contrary, monomial ordering is a crucial factor in Gröbner basis algorithms such as F4. Moreover, we prove that the result of ElimLin is invariant with respect to any affine bijective variable change. Analyzing an overdefined dense system of equations, we argue that to obtain more linear equations in the succeeding iteration in ElimLin some restrictions should be satisfied. Finally, we compare the security of LBlock and MIBS block ciphers with respect to algebraic attacks and propose several attacks on Courtois Toy Cipher version 2 (CTC2) with distinct parameters using ElimLin

Crossref

UCL Discovery

Automatic Search of Truncated Impossible Differentials for Word-Oriented Block Ciphers (Full Version)

Author: Mingsheng Wang
Shengbao Wu
Publication venue: International Association for Cryptologic Research (IACR)
Publication date: 29/10/2012
Field of study

Impossible differential cryptanalysis is a powerful technique to recover the secret key of block ciphers by exploiting the fact that in block ciphers specific input and output differences are not compatible. This paper introduces a novel tool to search truncated impossible differentials for word-oriented block ciphers with bijective Sboxes. Our tool generalizes the earlier

\mathcal{U}

-method and the UID-method. It allows to reduce the gap between the best impossible differentials found by these methods and the best known differentials found by ad hoc methods that rely on cryptanalytic insights. The time and space complexities of our tool in judging an

r

-round truncated impossible differential are about

O(c\cdot l^4\cdot r^4)

and

O(c\u27\cdot l^2\cdot r^2)

respectively, where

l

is the number of words in the plaintext and

c

c\u27

are constants depending on the machine and the block cipher. In order to demonstrate the strength of our tool, we show that it does not only allow to automatically rediscover the longest truncated impossible differentials of many word-oriented block ciphers, but also finds new results. It independently rediscovers all 72 known truncated impossible differentials on 9-round CLEFIA. In addition, finds new truncated impossible differentials for AES, ARIA, Camellia without FL and FL

^{-1}

layers, E2, LBlock, MIBS and Piccolo. Although our tool does not improve the lengths of impossible differentials for existing block ciphers, it helps to close the gap between the best known results of previous tools and those of manual cryptanalysis

Cryptology ePrint Archive

Cryptanalysis of reduced-round MIBS Block Cipher

Author: A. Biryukov
A. Bogdanov
A.A. Selçuk
E. Biham
J. Lu
K. Aoki
K. Nyberg
M. Matsui
M.I. Izadi
W. Wu
W. Wu
Publication venue
Publication date: 01/01/2010
Field of study

Abstract. This paper presents the first independent and systematic linear, differential and impossible-differential (ID) cryptanalyses of MIBS, a lightweight block cipher aimed at constrained devices such as RFID tags and sensor networks. Our contributions include linear attacks on up to 18-round MIBS, and the first ciphertext-only attacks on 13-round MIBS. Our differential analysis reaches 14 rounds, and our impossibledifferential attack reaches 12 rounds. These attacks do not threaten the full 32-round MIBS, but significantly reduce its margin of security by more than 50%. One fact that attracted our attention is the striking similarity of the round function of MIBS with that of the Camellia block cipher. We actually used this fact in our ID attacks. We hope further similarities will help build better attacks for Camellia as well

Infoscience - École polytechnique fédérale de Lausanne

CiteSeerX

Crossref