
Integral attacks on round-reduced Bel-T-256. (English) Zbl 1447.94034

Cid, Carlos (ed.) et al., Selected areas in cryptography – SAC 2018. 25th international conference, Calgary, AB, Canada, August 15–17, 2018. Revised selected papers. Cham: Springer. Lect. Notes Comput. Sci. 11349, 73-91 (2019).
Summary: Bel-T is the national block cipher encryption standard of the Republic of Belarus. It has a 128-bit block size and a variable key length of 128, 192 or 256 bits. Bel-T combines a Feistel network with a Lai-Massey scheme to build a complex round function with 7 S-box layers per round, then iterates this round function 8 times to construct the whole cipher. In this paper, we present integral attacks against Bel-T-256 using the propagation of the bit-based division property. Firstly, we propose two 2-round integral characteristics by employing a mixed integer linear programming (MILP) approach to propagate the division property through the round function (our open source code to generate the MILP model can be downloaded from https://github.com/mhgharieb/Bel-T-256). Then, we utilize these integral characteristics to attack \(3\frac{2}{7}\) rounds (out of 8) of Bel-T-256 with data and time complexities of \(2^{13}\) chosen plaintexts and \(2^{199.33}\) encryption operations, respectively. We also present an attack against \(3\frac{6}{7}\) rounds with data and time complexities of \(2^{33}\) chosen plaintexts and \(2^{254.61}\) encryption operations, respectively. To the best of our knowledge, these attacks are the first published theoretical attacks against the cipher in the single-key model.
For the entire collection see [Zbl 1405.94008].

MSC:

94A60 Cryptography

Software:

Bel-T; GitHub; SIMON
