Skip to main content
Springer Nature Link
Log in

Related-Tweakey Impossible Differential Attack on Reduced-Round SKINNY-AEAD M1/M3

  • Conference paper
  • First Online:
Topics in Cryptology – CT-RSA 2022 (CT-RSA 2022)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 13161))

Included in the following conference series:

Abstract

SKINNY-AEAD is one of the second-round candidates of the Lightweight Cryptography Standardization project held by NIST. SKINNY-AEAD M1 is the primary member of six SKINNY-AEAD schemes, while SKINNY-AEAD M3 is another member with a small tag. In the design document, only security analyses of their underlying primitive SKINNY-128-384 are provided. Besides, there are no valid third-party analyses on SKINNY-AEAD M1/M3 according to our knowledge. Therefore, this paper focuses on constructing the first third-party security analyses on them under a nonce-respecting scenario. By taking the encryption mode of SKINNY-AEAD into consideration and exploiting several properties of SKINNY, we can deduce some necessary constraints on the input and tweakey differences of related-tweakey impossible differential distinguishers. Under these constraints, we can find distinguishers suitable for mounting powerful tweakey recovery attacks. With the help of the automatic searching algorithms based on STP, we find some 14-round distinguishers. Based on one of these distinguishers, we mount a 20-round and an 18-round tweakey recovery attack on SKINNY-AEAD M1/M3. To the best of our knowledge, all these attacks are the best ones so far.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    https://csrc.nist.gov/Projects/lightweight-cryptography/round-2-candidates.

  2. 2.

    |A| denotes the bit length of associated data A. When \(|A|=0\), there is no encryption of associated data in the tweakey recovery attack.

  3. 3.

    Taking a 20-round tweakey recovery attack as an example, we explain why \(\varDelta \mathcal {TK}_{1}^1[p]=\) 0x03. In the tweakey recovery attacks, if \(\varDelta \mathcal {TK}_{1}^1[p]=\) 0x03, we will utilize plaintext-ciphertext pairs in the i-th and \((i+1)\)-th block of encryptions in SKINNY-AEAD M1/M3, where \(i= 8 \cdot ((P_T^{-1}) \circ (P_T^{-1}(p))) +1\), which needs less time complexity than other values once p is fixed.

  4. 4.

    https://github.com/stp/stp.

  5. 5.

    \(p_i\) and \(p_o\) denote the active cell positions corresponding to the input and out differences of the distinguisher, respectively.

  6. 6.

    We define the master tweakey corresponding to Key as master key MK.

References

  1. SKINNY-AEAD and SKINNY-Hash: NIST LWC second-round candidate status update (2020). https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/round-2/status-update-sep2020/SKINNY-AEAD_and_SKINNY-Hash_status_update.pdf

  2. Ankele, R., et al.: Related-key impossible-differential attack on reduced-round Skinny. In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) ACNS 2017. LNCS, vol. 10355, pp. 208–228. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61204-1_11

    Chapter  Google Scholar 

  3. Barrett, C.W., Sebastiani, R., Seshia, S.A., Tinelli, C.: Satisfiability modulo theories. In: Biere, A., Heule, M., van Maaren, H., Walsh, T. (eds.) Handbook of Satisfiability, Frontiers in Artificial Intelligence and Applications, vol. 185, pp. 825–885. IOS Press (2009). https://doi.org/10.3233/978-1-58603-929-5-825

  4. Beierle, C., et al.: The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part II. LNCS, vol. 9815, pp. 123–153. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53008-5_5

    Chapter  Google Scholar 

  5. Beierle, C., et al.: SKINNY-AEAD and skinny-hash. IACR Trans. Symmetric Cryptol. 2020(S1), 88–131 (2020). https://doi.org/10.13154/tosc.v2020.iS1.88-131

  6. Biham, E.: New types of cryptanalytic attacks using related keys. J. Cryptol. 7(4), 229–246 (1994). https://doi.org/10.1007/BF00203965

    Article  MATH  Google Scholar 

  7. Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of skipjack reduced to 31 rounds using impossible differentials. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 12–23. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_2

    Chapter  Google Scholar 

  8. Boura, C., Naya-Plasencia, M., Suder, V.: Scrutinizing and improving impossible differential attacks: applications to CLEFIA, camellia, LBlock and Simon. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part I. LNCS, vol. 8873, pp. 179–199. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45611-8_10

    Chapter  Google Scholar 

  9. Hadipour, H., Bagheri, N., Song, L.: Improved rectangle attacks on SKINNY and CRAFT. IACR Trans. Symmetric Cryptol. 2021(2), 140–198 (2021). https://doi.org/10.46586/tosc.v2021.i2.140-198

  10. Jakimoski, G., Desmedt, Y.: Related-key differential cryptanalysis of 192-bit key AES variants. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 208–221. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24654-1_15

    Chapter  Google Scholar 

  11. Jean, J., Nikolić, I., Peyrin, T.: Tweaks and keys for block ciphers: the TWEAKEY framework. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part II. LNCS, vol. 8874, pp. 274–288. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45608-8_15

    Chapter  Google Scholar 

  12. Kölbl, S., Leander, G., Tiessen, T.: Observations on the SIMON block cipher family. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part I. LNCS, vol. 9215, pp. 161–185. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_8

    Chapter  Google Scholar 

  13. Krovetz, T., Rogaway, P.: The software performance of authenticated-encryption modes. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 306–327. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21702-9_18

    Chapter  MATH  Google Scholar 

  14. Li, M., Hu, K., Wang, M.: Related-tweak statistical saturation cryptanalysis and its application on QARMA. IACR Trans. Symmetric Cryptol. 2019(1), 236–263 (2019). https://doi.org/10.13154/tosc.v2019.i1.236-263

  15. Liu, G., Ghosh, M., Song, L.: Security analysis of SKINNY under related-tweakey settings (long paper). IACR Trans. Symmetric Cryptol. 2017(3), 37–72 (2017). https://doi.org/10.13154/tosc.v2017.i3.37-72

  16. Liu, Y., Wang, Q., Rijmen, V.: Automatic search of linear trails in ARX with applications to SPECK and chaskey. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 485–499. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-39555-5_26

    Chapter  Google Scholar 

  17. Longo, G., Zilli, M.V.: Complexity of theorem-proving procedures: some general properties. RAIRO Theor. Informatics Appl. 8(3), 5–18 (1974). https://doi.org/10.1051/ita/197408R300051

  18. Niu, C., Li, M., Sun, S., Wang, M.: Zero-correlation linear cryptanalysis with equal treatment for plaintexts and tweakeys. In: Paterson, K.G. (ed.) CT-RSA 2021. LNCS, vol. 12704, pp. 126–147. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-75539-3_6

    Chapter  Google Scholar 

  19. Sadeghi, S., Mohammadi, T., Bagheri, N.: Cryptanalysis of reduced round SKINNY block cipher. IACR Trans. Symmetric Cryptol. 2018(3), 124–162 (2018). https://doi.org/10.13154/tosc.v2018.i3.124-162

  20. Shi, D., Sun, S., Derbez, P., Todo, Y., Sun, B., Hu, L.: Programming the Demirci-Selçuk meet-in-the-middle attack with constraints. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018, Part II. LNCS, vol. 11273, pp. 3–34. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03329-3_1

    Chapter  Google Scholar 

  21. Tolba, M., Abdelkhalek, A., Youssef, A.M.: Impossible differential cryptanalysis of reduced-round SKINNY. In: Joye, M., Nitaj, A. (eds.) AFRICACRYPT 2017. LNCS, vol. 10239, pp. 117–134. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-57339-7_7

    Chapter  Google Scholar 

  22. Zhao, B., Dong, X., Meier, W., Jia, K., Wang, G.: Generalized related-key rectangle attacks on block ciphers with linear key schedule: applications to SKINNY and GIFT. Des. Codes Crypt. 88(6), 1103–1126 (2020). https://doi.org/10.1007/s10623-020-00730-1

    Article  MathSciNet  MATH  Google Scholar 

Download references

Acknowledgements

This work has been supported by the National Natural Science Foundation of China (Grant No. 62032014 and Grant No. 62002204), the National Key Research and Development Program of China (Grant No. 2018YFA0704702), the Major Basic Research Project of Natural Science Foundation of Shandong Province, China (Grant No. ZR202010220025).

Author information

Authors and Affiliations

  1. School of Cyber Science and Technology, Shandong University, Qingdao, 266237, Shandong, China

    Yanhong Fan, Muzhou Li, Chao Niu, Zhenyu Lu & Meiqin Wang

  2. Key Laboratory of Cryptologic Technology and Information Security of Ministry of Education, Shandong University, Qingdao, 266237, Shandong, China

    Yanhong Fan, Muzhou Li, Chao Niu, Zhenyu Lu & Meiqin Wang

Authors
  1. Yanhong Fan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Muzhou Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Chao Niu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Zhenyu Lu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Meiqin Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Meiqin Wang .

Editor information

Editors and Affiliations

  1. University of Auckland, Auckland, New Zealand

    Steven D. Galbraith

A 18-Round Related-Tweakey Impossible Differential Attack for SKINNY-AEAD M1/M3

A 18-Round Related-Tweakey Impossible Differential Attack for SKINNY-AEAD M1/M3

Fig. 7.
figure 7

18-round related-tweakey impossible differential attack for SKINNY-AEAD M1/M3

Full size image

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Fan, Y., Li, M., Niu, C., Lu, Z., Wang, M. (2022). Related-Tweakey Impossible Differential Attack on Reduced-Round SKINNY-AEAD M1/M3. In: Galbraith, S.D. (eds) Topics in Cryptology – CT-RSA 2022. CT-RSA 2022. Lecture Notes in Computer Science(), vol 13161. Springer, Cham. https://doi.org/10.1007/978-3-030-95312-6_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-95312-6_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-95311-9

  • Online ISBN: 978-3-030-95312-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics