Abstract
Lightweight cryptography aims to provide sufficient security with low area/power/energy requirements for constrained devices. In this paper, we focus on the lightweight encryption algorithm specified and approved in NRS 009-6-7:2002 by Electricity Suppliers Liaison Committee to be used with tokens in prepayment electricity dispensing systems in South Africa. The algorithm is a 16-round SP network with 64-bit key using two 4-to-4 bit S-boxes and a 64-bit permutation. The S-boxes and the permutation are kept secret and provided only to the manufacturers of the system under license conditions. We present related-key slide attacks to recover the secret key and secret components using four scenarios; (i) known S-box and permutation with 248 time complexity using 216 + 1 chosen plaintexts; (ii) unknown S-box and known permutation with 255 time complexity using 222.71 + 1 chosen plaintexts; (iii) known S-box and unknown permutation with 248 time complexity using 216 + 1 chosen plaintexts and 212.28 adaptively chosen plaintexts; and finally, (iv) unknown S-box and permutation, with 248 time complexity using 222.71 + 1 chosen plaintexts and 231.29 adaptively chosen plaintexts. We also extend these attacks to recover the secret components in a chosen-key setting with practical complexities.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Feldhofer, M., Wolkerstorfer, J., Rijmen, V.: AES Implementation on a Grain of Sand. IEE Proceedings / Information Security 152, 13–20 (2005)
Hamalainen, P., Alho, T., Hannikainen, M., Hamalainen, T.D.: Design and Implementation of Low-Area and Low-Power AES Encryption Hardware Core. In: Proceedings of the 9th EUROMICRO Conference on Digital System Design, DSD 2006, pp. 577–583. IEEE Computer Society, Washington, DC (2006)
Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the Limits: A Very Compact and a Threshold Implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 69–88. Springer, Heidelberg (2011)
Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)
Hong, D., Sung, J., Hong, S., Lim, J., Lee, S., Koo, B., Lee, C., Chang, D., Lee, J., Jeong, K., Kim, H., Kim, J., Chee, S.: HIGHT: A New Block Cipher Suitable for Low-Resource Device. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 46–59. Springer, Heidelberg (2006)
Leander, G., Paar, C., Poschmann, A., Schramm, K.: New Lightweight DES Variants. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 196–210. Springer, Heidelberg (2007)
Knudsen, L.R., Leander, G., Poschmann, A., Robshaw, M.J.B.: PRINTcipher: A Block Cipher for IC-Printing. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 16–32. Springer, Heidelberg (2010)
Wagner, D., Briceno, M., Goldberg, I.: A Pedagogical Implementation of the GSM A5/1 and A5/2 ”voice privacy” encryption algorithms, http://www.scard.org/gsm/a51.html (accessed January 23, 2013)
4C Entity. C2 Block Cipher Specification, Revision 1.0, http://www.4centity.com/
Borghoff, J., Knudsen, L.R., Leander, G., Matusiewicz, K.: Cryptanalysis of C2. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 250–266. Springer, Heidelberg (2009)
NRS 009-6-7:2002. Rationalized User Specification, Electricity Sales Systems, Part 6: Interface standards Section 7: Standard Transfer Specification/Credit Dispensing Unit – Electricity dispenser – Token Encoding and Data Encryption and Decryption (2002)
Borghoff, J., Knudsen, L.R., Leander, G., Thomsen, S.S.: Cryptanalysis of PRESENT-Like Ciphers with Secret S-Boxes. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 270–289. Springer, Heidelberg (2011)
Borghoff, J., Knudsen, L.R., Leander, G., Thomsen, S.S.: Slender-Set Differential Cryptanalysis. J. Cryptology 26(1), 11–38 (2013)
Biryukov, A., Wagner, D.: Slide Attacks. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 245–259. Springer, Heidelberg (1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sönmez Turan, M. (2013). Related-Key Slide Attacks on Block Ciphers with Secret Components. In: Avoine, G., Kara, O. (eds) Lightweight Cryptography for Security and Privacy. LightSec 2013. Lecture Notes in Computer Science, vol 8162. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40392-7_3
Download citation
DOI: https://doi.org/10.1007/978-3-642-40392-7_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40391-0
Online ISBN: 978-3-642-40392-7
eBook Packages: Computer ScienceComputer Science (R0)