
Related-tweakey impossible differential attack on reduced-round SKINNY-AEAD M1/M3. (English) Zbl 1492.94102

Galbraith, Steven D. (ed.), Topics in cryptology – CT-RSA 2022. Cryptographers’ track at the RSA conference 2022, virtual event, March 1–2, 2022. Proceedings. Cham: Springer. Lect. Notes Comput. Sci. 13161, 247-271 (2022).
Summary: SKINNY-AEAD is one of the second-round candidates of the Lightweight Cryptography Standardization project held by NIST. SKINNY-AEAD M1 is the primary member of the six SKINNY-AEAD schemes, while SKINNY-AEAD M3 is another member with a small tag. The design document provides security analyses only of their underlying primitive SKINNY-128-384, and, to our knowledge, there are no valid third-party analyses of SKINNY-AEAD M1/M3. This paper therefore focuses on constructing the first third-party security analyses of them in a nonce-respecting scenario. By taking the encryption mode of SKINNY-AEAD into consideration and exploiting several properties of SKINNY, we deduce some necessary constraints on the input and tweakey differences of related-tweakey impossible differential distinguishers. Under these constraints, we can find distinguishers suitable for mounting powerful tweakey recovery attacks. With the help of automatic searching algorithms based on STP, we find some 14-round distinguishers. Based on one of these distinguishers, we mount a 20-round and an 18-round tweakey recovery attack on SKINNY-AEAD M1/M3. To the best of our knowledge, all these attacks are the best ones so far.
For the entire collection see [Zbl 1490.94003].

MSC:

94A60 Cryptography

Software:

SIMON; SKINNY; tweakey
Full Text: DOI
