Abstract
The rapid growth of the Internet of Things, together with the increasing popularity of connected objects, has created a need for secure, efficient and lightweight ciphers. Among the multitude of candidates, the block cipher PRIDE is, to this day, one of the most efficient solutions for 8-bit micro-controllers. In this paper, we provide new insights and a better understanding of differential attacks on PRIDE. First, we show that two previous attacks are incorrect, and describe (new and old) properties of the cipher that make such attacks intricate. Based on this understanding, we show how to properly mount a differential attack. Our proposal is the first single-key differential attack that reaches 18 rounds out of 20. It requires \(2^{61}\) chosen plaintexts and recovers the 128-bit key with a final time complexity of \(2^{63.3}\) encryptions, while requiring a memory of about \(2^{35}\) blocks of 64 bits.
Notes
1. Sect. 5.5 of [1].
2. Due to space limitations, we refer to [1] for the details of the linear layer.
3. Note that simple relations can also be found between other keys; \(K_i\) and \(K_{i+16}\) for instance.
4. It corresponds to what we name in the next section the first characteristic of type (I, a), see Table 5.
5. The fourth characteristic of type (II, a) given in Table 5.
6. Here we look at real values instead of truncated differences.
7. Our experiments for up to 7 rounds showed that the probability of the differential matches the one of the characteristic.
8. The computation of the quantities used in this step is detailed in the full version of the paper [10].
9. \(2^{17.38} \cdot (16 \cdot 2^{-17.38}) = 2^4\).
References
Albrecht, M.R., Driessen, B., Kavun, E.B., Leander, G., Paar, C., Yalçın, T.: Block ciphers – focus on the linear layer (feat. PRIDE). In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 57–76. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_4
Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK lightweight block ciphers. In: Proceedings of the 52nd Annual Design Automation Conference, 2015, pp. 175:1–175:6. ACM (2015)
Dai, Y., Chen, S.: Cryptanalysis of full PRIDE block cipher. Sci. China Inf. Sci. 60(5), 052108:1–052108:12 (2017)
Dinur, I.: Cryptanalytic time-memory-data tradeoffs for FX-constructions with applications to PRINCE and PRIDE. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 231–253. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_10
Gong, Z., Nikova, S., Law, Y.W.: KLEIN: a new family of lightweight block ciphers. In: Juels, A., Paar, C. (eds.) RFIDSec 2011. LNCS, vol. 7055, pp. 1–18. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-25286-0_1
Guo, J., Jean, J., Mouha, N., Nikolic, I.: More rounds, less security? IACR Cryptology ePrint Archive 2015, 484 (2015)
Karakoç, F., Demirci, H., Harmancı, A.E.: ITUbee: a software oriented lightweight block cipher. In: Avoine, G., Kara, O. (eds.) LightSec 2013. LNCS, vol. 8162, pp. 16–27. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40392-7_2
Kilian, J., Rogaway, P.: How to protect DES against exhaustive key search (an analysis of DESX). J. Cryptol. 14(1), 17–35 (2001)
Lac, B., Beunardeau, M., Canteaut, A., Fournier, J.J., Sirdey, R.: A first DFA on PRIDE: from theory to practice (extended version). IACR Cryptology ePrint Archive 2017, 075 (2017)
Lallemand, V., Rasoolzadeh, S.: Differential cryptanalysis of 18-round PRIDE. IACR Cryptology ePrint Archive 2017, 1017 (2017)
Standaert, F.-X., Piret, G., Gershenfeld, N., Quisquater, J.-J.: SEA: a scalable encryption algorithm for small embedded applications. In: Domingo-Ferrer, J., Posegga, J., Schreckling, D. (eds.) CARDIS 2006. LNCS, vol. 3928, pp. 222–236. Springer, Heidelberg (2006). https://doi.org/10.1007/11733447_16
Tezcan, C.: Improbable differential attacks on PRESENT using undisturbed bits. J. Comput. Appl. Math. 259, 503–511 (2014)
Tezcan, C., Okan, G.O., Şenol, A., Doğan, E., Yücebaş, F., Baykal, N.: Differential attacks on lightweight block ciphers PRESENT, PRIDE, and RECTANGLE revisited. In: Bogdanov, A. (ed.) LightSec 2016. LNCS, vol. 10098, pp. 18–32. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-55714-4_2
Tezcan, C., Özbudak, F.: Differential factors: improved attacks on SERPENT. In: Eisenbarth, T., Öztürk, E. (eds.) LightSec 2014. LNCS, vol. 8898, pp. 69–84. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16363-5_5
Yang, Q., Hu, L., Sun, S., Qiao, K., Song, L., Shan, J., Ma, X.: Improved differential analysis of block cipher PRIDE. In: Lopez, J., Wu, Y. (eds.) ISPEC 2015. LNCS, vol. 9065, pp. 209–219. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17533-1_15
Zhao, J., Wang, X., Wang, M., Dong, X.: Differential analysis on block cipher PRIDE. IACR Cryptology ePrint Archive 2014, 525 (2014)
Copyright information
© 2017 Springer International Publishing AG
Cite this paper
Lallemand, V., Rasoolzadeh, S. (2017). Differential Cryptanalysis of 18-Round PRIDE. In: Patra, A., Smart, N. (eds) Progress in Cryptology – INDOCRYPT 2017. INDOCRYPT 2017. Lecture Notes in Computer Science(), vol 10698. Springer, Cham. https://doi.org/10.1007/978-3-319-71667-1_7
DOI: https://doi.org/10.1007/978-3-319-71667-1_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-71666-4
Online ISBN: 978-3-319-71667-1
eBook Packages: Computer Science (R0)