Abstract
The related-key statistical saturation (RKSS) attack is a cryptanalysis method proposed by Li et al. at FSE 2019. It can be seen as the extension of previous statistical saturation attacks to the related-key setting. The attack takes advantage of a set of plaintexts in which some bits are fixed while the other bits take all possible values, and considers the relation between the value distributions of a part of the ciphertext bits generated under related keys. Usually, RKSS distinguishers exploit the property that the value distribution stays invariant under the modification of the key. However, this property can only be deterministically verified if the plaintexts cover all possible values of the selected bits. In this paper, we propose probabilistic RKSS cryptanalysis, which avoids iterating over all non-fixed plaintext bits by applying a statistical method on top of the original RKSS distinguisher. Compared to the RKSS attack, this newly proposed attack has a significantly lower data complexity and has the potential to attack more rounds. As an illustration, for reduced-round Piccolo, we obtain the best key recovery attacks (considering both pre- and post-whitening keys) on both versions in terms of the number of rounds. Note that these attacks do not threaten the full-round security of Piccolo.
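To make the mechanism concrete, here is an added illustration that is not code from the paper and is not its SmallSPN or Piccolo: a hypothetical 16-bit toy SPN (PRESENT S-box, bit transpose, independent round keys) with constructed sample keys. It shows the deterministic RKSS invariance when the active byte is fully saturated, and the probabilistic variant that encrypts only a random subset of the plaintext set; the squared-difference distance between count vectors is a stand-in for the paper's statistical test, not the paper's statistic.

```python
import random

# Toy 16-bit SPN: four 4-bit S-boxes (the PRESENT S-box) and a 4x4 bit
# transpose. Round keys are independent, so a related key is simply one whose
# first round key differs by DELTA. Hypothetical toy, not Piccolo or SmallSPN.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
ROUNDS = 3

def sbox_layer(x):
    return sum(SBOX[(x >> (4 * i)) & 0xF] << (4 * i) for i in range(4))

def permute(x):  # 4x4 bit transpose: bit 4r+c moves to position 4c+r
    return sum(((x >> i) & 1) << ((i % 4) * 4 + i // 4) for i in range(16))

def encrypt(p, keys):
    for r in range(ROUNDS):
        p = permute(sbox_layer(p ^ keys[r]))
    return p ^ keys[ROUNDS]

def saturated_set(fixed_bits):
    # the 8 low bits take all 2^8 values, the 8 high bits stay fixed (s = 8)
    return [(fixed_bits & 0xFF00) | v for v in range(256)]

def distribution(pts, keys, nibble):
    # value distribution of one ciphertext nibble over the plaintext set
    counts = [0] * 16
    for p in pts:
        counts[(encrypt(p, keys) >> (4 * nibble)) & 0xF] += 1
    return counts

def distance(a, b):  # squared difference of two count vectors (toy statistic)
    return sum((x - y) ** 2 for x, y in zip(a, b))

DELTA = 0x0035  # key difference confined to the saturated (low) byte
K = [0x1A2B, 0x3C4D, 0x5E6F, 0x7081]         # constructed sample key
K_REL = [K[0] ^ DELTA] + K[1:]              # related key: first round key differs by DELTA
K_OTHER = [0x9F13, 0x2468, 0xACE0, 0xB57D]  # unrelated key (constructed)
PTS = saturated_set(0xD700)

def rkss_distances(n_samples, nibble=2, seed=1):
    """Distances between ciphertext-nibble distributions: full set vs. a random subset."""
    # Full saturation: XOR with DELTA permutes PTS, so the distributions coincide exactly.
    full = distance(distribution(PTS, K, nibble), distribution(PTS, K_REL, nibble))
    # Probabilistic variant: only n_samples plaintexts are encrypted under both keys.
    sub = random.Random(seed).sample(PTS, n_samples)
    rel = distance(distribution(sub, K, nibble), distribution(sub, K_REL, nibble))
    oth = distance(distribution(sub, K, nibble), distribution(sub, K_OTHER, nibble))
    return {"full_related": full, "sampled_related": rel, "sampled_unrelated": oth}

if __name__ == "__main__":
    print(rkss_distances(64))
```

The sampled related-key distance is typically small because both subsets are drawn from the same underlying distribution, whereas an unrelated key generally gives a visibly larger distance; only the full-saturation distance is exactly zero.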
Notes
1. In our experimental verification, \(s=12\), and it is enough to ensure the validity of this hypothesis, as well as of the other assumptions used in this paper.
2. SmallSPN has a structure similar to Mini-AES, but the two differ in their number of rounds, S-box, linear matrix, and key schedule.
3.
References
Ahangarkolaei, M.Z., Najarkolaei, S.R.H., Ahmadi, S., Aref, M.R.: Zero correlation linear attack on reduced round Piccolo-80. In: ISCISC 2016, pp. 66–71. IEEE (2016). https://doi.org/10.1109/ISCISC.2016.7736453
Ashur, T., Dunkelman, O., Masalha, N.: Linear cryptanalysis reduced round of Piccolo-80. In: Dolev, S., Hendler, D., Lodha, S., Yung, M. (eds.) CSCML 2019. LNCS, vol. 11527, pp. 16–32. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-20951-3_2
Avanzi, R.: The QARMA block cipher family. Almost MDS matrices over rings with zero divisors, nearly symmetric Even-Mansour constructions with non-involutory central rounds, and search heuristics for low-latency S-boxes. IACR Trans. Symmetric Cryptol. 2017(1), 4–44 (2017). https://doi.org/10.13154/tosc.v2017.i1.4-44
Azimi, S.A., Ahmadian, Z., Mohajeri, J., Aref, M.R.: Impossible differential cryptanalysis of Piccolo lightweight block cipher. In: ISCISC 2014, pp. 89–94. IEEE (2014). https://doi.org/10.1109/ISCISC.2014.6994028
Barrett, C.W., Sebastiani, R., Seshia, S.A., Tinelli, C.: Satisfiability modulo theories. In: Biere, A., Heule, M., van Maaren, H., Walsh, T. (eds.) Handbook of Satisfiability, Frontiers in Artificial Intelligence and Applications, vol. 185, pp. 825–885. IOS Press (2009). https://doi.org/10.3233/978-1-58603-929-5-825
Bogdanov, A., Boura, C., Rijmen, V., Wang, M., Wen, L., Zhao, J.: Key difference invariant bias in block ciphers. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 357–376. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42033-7_19
Collard, B., Standaert, F.-X.: A statistical saturation attack against the block cipher PRESENT. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 195–210. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00862-7_13
Cook, S.A.: The complexity of theorem-proving procedures. In: Harrison, M.A., Banerji, R.B., Ullman, J.D. (eds.) Proceedings of the 3rd Annual ACM Symposium on Theory of Computing, Shaker Heights, Ohio, USA, 3–5 May 1971, pp. 151–158. ACM (1971). https://doi.org/10.1145/800157.805047
Daemen, J., Knudsen, L., Rijmen, V.: The block cipher square. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052343
Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography. Springer, Cham (2002). https://doi.org/10.1007/978-3-662-04722-4
Daemen, J., Rijmen, V.: Probability distributions of correlation and differentials in block ciphers. J. Math. Cryptol. 1(3), 221–242 (2007). https://doi.org/10.1515/JMC.2007.011
DasGupta, A.: Asymptotic Theory of Statistics and Probability. Springer, New York (2008). https://doi.org/10.1007/978-0-387-75971-5
Dobraunig, C., Eichlseder, M., Mendel, F.: Square attack on 7-round Kiasu-BC. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 500–517. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-39555-5_27
Fouque, P.-A., Karpman, P.: Security amplification against meet-in-the-middle attacks using whitening. In: Stam, M. (ed.) IMACC 2013. LNCS, vol. 8308, pp. 252–269. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-45239-0_15
Fu, L., Jin, C., Li, X.: Multidimensional zero-correlation linear cryptanalysis of lightweight block cipher Piccolo-128. Secur. Commun. Netw. 9(17), 4520–4535 (2016). https://doi.org/10.1002/sec.1644
Isobe, T., Shibutani, K.: Security analysis of the lightweight block ciphers XTEA, LED and Piccolo. In: Susilo, W., Mu, Y., Seberry, J. (eds.) ACISP 2012. LNCS, vol. 7372, pp. 71–86. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31448-3_6
Jeong, K., Kang, H., Lee, C., Sung, J., Hong, S.: Biclique cryptanalysis of lightweight block ciphers PRESENT, Piccolo and LED. Cryptology ePrint Archive, Paper 2012/621 (2012). https://eprint.iacr.org/2012/621
Knudsen, L., Wagner, D.: Integral cryptanalysis. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 112–127. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45661-9_9
Li, M., Hu, K., Wang, M.: Related-tweak statistical saturation cryptanalysis and its application on QARMA. IACR Trans. Symmetric Cryptol. 2019(1), 236–263 (2019). https://doi.org/10.13154/tosc.v2019.i1.236-263
Li, M., Mouha, N., Sun, L., Wang, M.: Probabilistic related-key statistical saturation cryptanalysis. IACR Cryptology ePrint Archive, p. 1245 (2023). https://eprint.iacr.org/2023/1245
Liu, Y., Cheng, L., Liu, Z., Li, W., Wang, Q., Gu, D.: Improved meet-in-the-middle attacks on reduced-round Piccolo. Sci. China Inf. Sci. 61(3), 032108:1–032108:13 (2018). https://doi.org/10.1007/s11432-016-9157-y
Liu, Y., et al.: New analysis of reduced-version of Piccolo in the single-key scenario. KSII Trans. Internet Inf. Syst. 13(9), 4727–4741 (2019). https://doi.org/10.3837/tiis.2019.09.022
Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48285-7_33
Maxwell, A.E.: Comparing the classification of subjects by two independent judges. Br. J. Psychiatry 116, 651–655 (1970). https://doi.org/10.1192/bjp.116.535.651
Minier, M.: On the security of Piccolo lightweight block cipher against related-key impossible differentials. In: Paul, G., Vaudenay, S. (eds.) INDOCRYPT 2013. LNCS, vol. 8250, pp. 308–318. Springer, Cham (2013). https://doi.org/10.1007/978-3-319-03515-4_21
Mouha, N., Preneel, B.: Towards finding optimal differential characteristics for ARX: application to Salsa20. Cryptology ePrint Archive, Paper 2013/328 (2013). https://eprint.iacr.org/2013/328
Nyberg, K.: Linear approximation of block ciphers. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 439–444. Springer, Heidelberg (1995). https://doi.org/10.1007/BFb0053460
Phan, R.C.: Mini advanced encryption standard (Mini-AES): a testbed for cryptanalysis students. Cryptologia 26(4), 283–306 (2002). https://doi.org/10.1080/0161-110291890948
Shibutani, K., Isobe, T., Hiwatari, H., Mitsuda, A., Akishita, T., Shirai, T.: Piccolo: an ultra-lightweight blockcipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 342–357. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23951-9_23
Stuart, A.: A test for homogeneity of the marginal distribution of a two-way classification. Biometrika 42, 412–416 (1955). https://doi.org/10.1093/biomet/42.3-4.412
Todo, Y.: Impossible differential attack against 14-round Piccolo-80 without relying on full code book. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 99-A(1), 154–157 (2016). https://doi.org/10.1587/transfun.E99.A.154
Tolba, M., Abdelkhalek, A., Youssef, A.M.: Meet-in-the-middle attacks on reduced round Piccolo. In: Güneysu, T., Leander, G., Moradi, A. (eds.) LightSec 2015. LNCS, vol. 9542, pp. 3–20. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29078-2_1
Wang, M., Cui, T., Chen, H., Sun, L., Wen, L., Bogdanov, A.: Integrals go statistical: cryptanalysis of full skipjack variants. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 399–415. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-52993-5_20
Wang, Y., Wu, W., Yu, X.: Biclique cryptanalysis of reduced-round piccolo block cipher. In: Ryan, M.D., Smyth, B., Wang, G. (eds.) ISPEC 2012. LNCS, vol. 7232, pp. 337–352. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29101-2_23
Acknowledgments
The authors would like to thank the anonymous reviewers whose comments greatly improved this paper. Also thanks to Giovanni Uchoa de Assis for editorial improvements. This work was supported by Qingdao Innovation project (Grant No. QDBSH20230101008), Quan Cheng Laboratory (Grant No. QCLZD202306), the National Key Research and Development Program of China (Grant No. 2018YFA0704702), the Major Basic Research Project of Natural Science Foundation of Shandong Province, China (Grant No. ZR202010220025), the National Natural Science Foundation of China (Grant No. 62032014), and the Program of Qilu Young Scholars (Grant No. 61580082063088) of Shandong University.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Li, M., Mouha, N., Sun, L., Wang, M. (2024). Probabilistic Related-Key Statistical Saturation Cryptanalysis. In: Carlet, C., Mandal, K., Rijmen, V. (eds) Selected Areas in Cryptography – SAC 2023. SAC 2023. Lecture Notes in Computer Science, vol 14201. Springer, Cham. https://doi.org/10.1007/978-3-031-53368-6_11
DOI: https://doi.org/10.1007/978-3-031-53368-6_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-53367-9
Online ISBN: 978-3-031-53368-6
eBook Packages: Computer Science, Computer Science (R0)