On the Security of the DeKaRT primitive

Abstract DeKaRT primitives are key-dependent reversible circuits presented at CHES 2003. According to the author, the circuits described are suitable for data scrambling but also as building blocks for block ciphers. Data scrambling of internal links and memories on smart card chips is intended for protecting data against probing attacks. In this paper, we analyze the DeKaRT primitive using linear cryptanalysis. We show that despite its key-dependent behavior, DeKaRT still has strongly linear structures, that can be exploited even under the particular hypothesis that only one bit of the ciphertexts is available to the attacker (as it is the case in the context of probing attacks), and using very few plaintext-ciphertext pairs. The attack methodology we describe could be applied to other data scrambling primitives exhibiting highly biased linear relations