Abstract
Simpira v2 is a family of cryptographic permutations proposed at ASIACRYPT 2016, and can be used to construct high throughput block ciphers by using the Even-Mansour construction, permutationbased hashing, and wide-block authenticated encryption. This paper shows a 9-round impossible differential of Simpira-4. To the best of our knowledge, this is the first 9-round impossible differential. To determine some efficient key recovery attacks on its block cipher mode (Even-Mansour construction with Simpira-4), we use some 6/7-round shrunken impossible differentials. Based on eight 6-round impossible differentials, we propose a series of 7-round key recovery attacks on the block cipher mode; each 6-round impossible differential helps recover 32 bits of the master key (512 bits), and in total, half of the master key bits are recovered. The attacks require 257 chosen plaintexts and 257 7-round encryptions. Furthermore, based on ten 7-round impossible differentials, we add one round on the top or at the bottom to mount ten 8-round key recovery attacks on the block cipher mode. This helps recover the full key space (512 bits) with a data complexity of 2170 chosen plaintexts and time complexity of 2170 8-round encryptions. Those are the first attacks on the round-reduced Simpira v2 and do not threaten the Even-Mansour mode with the full 15-round Simpira-4.
Similar content being viewed by others
References
Daemen J, Rijmen V. The Design of Rijndael. Berlin: Springer, 2002
Mala H, Dakhilailian M, Rijmen V, et al. Improved impossible differential cryptanalysis of 7-round AES-128. In: Proceedings of International Conference on Cryptology in India. Berlin: Springer-Verlag, 2010. 282–291
Lu J Q, Dunkelman O, Keller N, et al. New impossible differential attacks on AES. In: Proceedings of International Conference on Cryptology in India. Berlin: Springer-Verlag, 2008. 279–293
Zhang W T, Wu W L, Feng D G. New results on impossible differential cryptanalysis of reduced AES. In: Proceedings of International Conference on Information Security and Cryptology. Berlin: Springer-Verlag, 2007. 239–250
Daemen J, Knudsen L, Rijmen V. The block cipher Square. In: Proceedings of International Workshop on Fast Software Encryption. Berlin: Springer-Verlag, 1997. 149–165
Gilber H, Minier M. A collision attack on 7 rounds of Rijndael. In: Proceedings of AES Candidate Conference, New York, 2000. 230–241
Dunkelman O, Keller N, Shamir A. Improved single-key attacks on 8-round AES-192 and AES-256. In: Advances in Cryptology — ASIACRYPT 2010. Berlin: Springer-Verlag, 2010. 158–176
Derbez P, Fouque P, Jean J. Improved key recovery attacks on reduced-round AES in the single-key setting. In: Advances in Cryptology — EUROCRYPT 2013. Berlin: Springer-Verlag, 2013. 371–387
Li L B, Jia K T, Wang X Y. Improved single-key attacks on 9-round AES-192/256. In: Fast Software Encryption. Berlin: Springer-Verlag, 2015. 127–146
Biryukov A, Khovratovich D. Related-key cryptanalysis of the full AES-192 and AES-256. In: Advances in Cryptology — ASIACRYPT 2009. Berlin: Springer-Verlag, 2009. 1–18
Biryukov A, Khovratovich D, Nikolić I. Distingsuiher and related-key attack on the full AES-256. In: Advances in Cryptology — CRYPTO 2009. Berlin: Springer-Verlag, 2009. 231–249
Sun B, Liu M C, Guo J, et al. New insights on AES-like SPN ciphers. In: Advances in Cryptology — CRYPTO 2016. Berlin: Springer-Verlag, 2016. 605–624
Grassi L, Rechberger C, Rønjom S. Subspace trail cryptanalysis and its applications to AES. IACR Trans Symmetric Cryptol, 2016, 2016: 192–225
Gueron S, Mouha N. Simpira v2: a family of efficient permutations using the AES round function. In: Advances in Cryptology — ASIACRYPT 2016. Berlin: Springer-Verlag, 2016. 95–125
Dunkelman O, Keller N, Shamir A. Minimalism in cryptography: the Even-Mansour scheme revisited. In: Advances in Cryptology — EUROCRYPT 2012. Berlin: Springer-Verlag, 2012. 336–354
Even S, Mansour Y. A construction of a cipher from a single pseudorandom permutation. J Cryptology, 1997, 10: 151–161
Dobraunig C, Eichlseder M, Mendel F. Cryptanalysis of Simpira v1. In: Selected Areas in Cryptography, Newfoundland, 2016, in press
Rønjom S. Invariant subspaces in Simpira. Cryptology ePrint Archive, Report, 2016. http://eprint.iacr.org/2016/248. pdf
Knudsen L R. DEAL — a 128-bit block cipher. Complexity, 1998, 258: 216
Biham E, Biryukov A, Shamir A. Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials. In: Advances in Cryptology — EUROCRYPT 1999. Berlin: Springer-Verlag, 1999. 12–23
Sun S W, Hu L, Wang M Q, et al. Constructing mixed-integer programming models whose feasible region is exactly the set of all valid differential characteristics of SIMON. Cryptology ePrint Archive, Report, 2015. http://eprint.iacr.org/2015/122.pdf
Sun S W, Hu L, Wang M Q, et al. Mixed integer programming models for finite automaton and its application to additive differential patterns of exclusive-or. Cryptology ePrint Archive, Report, 2016. http://eprint.iacr.org/2016/338.pdf
Cui T T, Jia K T, Fu K, et al. New automatic search tool for impossible differentials and zero-correlation linear approximations. Cryptology ePrint Archive, Report, 2016. http://eprint.iacr.org/2016/689.pdf
Daemen J, Rijmen V. Understanding two-round differentials in aes. In: Proceedings of International Conference on Security and Crytography for Networks. Berlin: Springer-Verlag, 2006. 78–94
Acknowledgements
This work was supported by National Basic Research Program of China (973 Program) (Grant No. 2013CB834205), National Natural Science Foundation of China (Grant No. 61672019), Fundamental Research Funds of Shandong University (Grant No. 2016JC029), and Foundation of Science and Technology on Information Assurance Laboratory (Grant No. KJ-15-002).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Zong, R., Dong, X. & Wang, X. Impossible differential attack on Simpira v2. Sci. China Inf. Sci. 61, 032106 (2018). https://doi.org/10.1007/s11432-016-9075-6
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11432-016-9075-6