Abstract
Piccolo is a lightweight block cipher that adopts a generalized Feistel network structure with 4 branches, each of which is 16 bit long. The key length is 80 or 128 bit, denoted by Piccolo-80 and Piccolo-128, respectively. In this paper, we mounted meet-in-the-middle attacks on 14-round Piccolo-80 without preand post-whitening keys and 18-round Piccolo-128 with post-whitening keys by exploiting the properties of the key schedule and Maximum Distance Separable (MDS) matrix. For Piccolo-80, we first constructed a 5-round distinguisher. Then 4 rounds and 5 rounds were appended at the beginning and at the end, respectively. Based on this structure, we mounted an attack on 14-round Piccolo-80 from the 5th round to the 18th round. The data, time, and memory complexities were 252 chosen plaintexts, 267.44 encryptions, and 264.91 blocks, respectively. For Piccolo-128, we built a 7-round distinguisher to attack 18-round Piccolo-128 from the 4th round to the 21st round. The data, time, and memory complexities were 252 chosen plaintexts, 2126.63 encryptions, and 2125.29 blocks, respectively. If not considering results on biclique cryptanalysis, these are currently the best public results on this reduced version of the Piccolo block cipher.
Similar content being viewed by others
References
Bogdanov A, Knudsen L R, Leander G, et al. PRESENT: an ultra-lightweight block cipher. In: Cryptographic Hardware and Embedded Systems-CHES 2007. Berlin: Springer-Verlag, 2007. 450–466
Wu W, Zhang L. LBlock: a lightweight block cipher. In: Applied Cryptography and Network Security-ACNS 2011. Berlin: Springer-Verlag, 2011. 327–344
Guo J, Peyrin T, Poschmann A, et al. The LED block cipher. In: Cryptographic Hardware and Embedded Systems-CHES 2011. Berlin: Springer-Verlag, 2011. 326–341
Shibutani K, Isobe T, Hiwatari H, et al. Piccolo: an ultra-lightweight blockcipher. In: Cryptographic Hardware and Embedded Systems-CHES 2011. Berlin: Springer-Verlag, 2011. 342–357
Suzaki T, Minematsu K, Morioka S, et al. TWINE: a lightweight block cipher for multiple platforms. In: Selected Areas in Cryptography-SAC 2012. Berlin: Springer-Verlag, 2013. 339–354
Isobe T, Shibutani K. Security analysis of the lightweight block ciphers XTEA, LED and Piccolo. In: Proceedings of Australasian Conference on Information Security and Privacy-ACISP 2012. Berlin: Springer-Verlag, 2012. 71–86
Minier M. On the security of Piccolo lightweight block cipher against related-key impossible differentials. In: Progress in Cryptology-INDOCRYPT 2013. Berlin: Springer-Verlag, 2013. 308–318
Azimi S, Ahmadian Z, Mohajeri J, et al. Impossible differential cryptanalysis of Piccolo lightweight block cipher. In: Proceedings of International ISC Conference on Information Security and Cryptology-ISCISC 2014. Piscataway: IEEE, 2014. 89–94
Huang J L, Lai X J. What is the effective key length for a block cipher: an attack on every practical block cipher. Sci China Inf Sci, 2014, 57: 072110
Tolba M, Abdelkhalek A, Youssef A M. Meet-in-the-middle attacks on reduced round Piccolo. In: Lightweight Cryptography for Security and Privacy-LightSec 2015. Berlin: Springer-Verlag, 2016. 3–20
Jeong K, Kang H, Lee C, et al. Biclique cryptanalysis of lightweight block ciphers PRESENT, Piccolo and LED. IACR Cryptology ePrint Archive, 2012, 2012: 621
Wang Y, Wu W, Yu X. Biclique cryptanalysis of reduced-round Piccolo block cipher. In: Information Security Practice and Experience-ISPEC 2012. Berlin: Springer-Verlag, 2012. 337–352
Ahmadi S, Ahmadian Z, Mohajeri J, et al. Low-data complexity biclique cryptanalysis of block ciphers with application to Piccolo and HIGHT. IEEE Trans Inf Foren Sec, 2014, 9: 1641–1652
Jeong K. Cryptanalysis of block cipher Piccolo suitable for cloud computing. J Supercomput, 2013, 66: 829–840
Song J, Lee K, Lee H. Biclique cryptanalysis on lightweight block cipher: HIGHT and Piccolo. Int J Comput Math, 2013, 90: 2564–2580
Gong Z, Liu S, Wen Y, et al. Biclique cryptanalysis using balanced complete bipartite subgraphs. Sci China Inf Sci, 2016, 59: 049101
Biryukov A, Derbez P, Perrin L. Differential analysis and meet-in-the-middle attack against round-reduced TWINE. In: Fast Software Encryption-FSE 2015. Berlin: Springer-Verlag, 2015. 3–27
Demirci H, Sel¸cuk A A. A meet-in-the-middle attack on 8-round AES. In: Fast Software Encryption-FSE 2008. Berlin: Springer-Verlag, 2008. 116–126
Chen J, Li L. Low data complexity attack on reduced camellia-256. In: Proceedings of Australasian Conference on Information Security and Privacy-ACISP 2012. Berlin: Springer-Verlag, 2012. 101–114
Bogdanov A, Rechberger C. A 3-subset meet-in-the-middle attack: cryptanalysis of the lightweight block cipher KTANTAN. In: Selected Areas in Cryptography-SAC 2010. Berlin: Springer-Verlag, 2011. 229–240
Jia K, Yu H, Wang X. A meet-in-the-middle attack on the full kasumi. IACR Cryptol ePrint Archive, 2011, 2011: 466
Aoki K, Sasaki Y. Preimage attacks on one-block MD4, 63-step MD5 and more. In: Selected Areas in Cryptography-SAC 2008. Berlin: Springer-Verlag, 2009. 103–119
Sasaki Y, Aoki K. Finding preimages in full MD5 faster than exhaustive search. In: Advances in Cryptology-EUROCRYPT 2009. Berlin: Springer-Verlag, 2009. 134–152
Dunkelman O, Keller N, Shamir A. Improved single-key attacks on 8-round AES-192 and AES-256. In: Advances in Cryptology-ASIACRYPT 2010. Berlin: Springer-Verlag, 2010. 158–176
Derbez P, Fouque P-A, Jean J. Improved key recovery attacks on reduced-round AES in the single-key setting. In: Advances in Cryptology C EUROCRYPT 2013. Berlin: Springer-Verlag, 2013. 371–387
Li L, Jia K, Wang X. Improved single-key attacks on 9-round AES-192/256. In: Fast Software Encryption-FSE 2015. Berlin: Springer-Verlag, 2015. 127–146
Guo J, Jean J, Nikolic I, et al. Meet-in-the-middle attacks on generic Feistel constructions. In: Advances in Cryptology-ASIACRYPT 2014. Berlin: Springer-Verlag, 2014. 458–477
Guo J, Yu S. Extended meet-in-the-middle attacks on some Feistel constructions. Design Code Cryptogr, 2016, 80: 587–618
Guo J, Jean J, Nikolic I, et al. Meet-in-the-middle attacks on classes of contracting and expanding Feistel constructions. IACR Transact Symmetric Cryptol, 2017, 2016: 307–337
Acknowledgements
This work was supported by National Natural Science Foundation of China (Grant Nos. 61402288, 61672347, 61772129, 61472250), National Basic Research Program of China (Grant No. 2013CB338004), Shanghai Natural Science Foundation (Grant Nos. 15ZR1400300, 16ZR1401100), Innovation Program of Shanghai Municipal Education Commission (Grant No. 14ZZ066), Opening Project of Shanghai Key Laboratory of Integrated Administration Technologies for Information Security(Grant No. AGK201703). The authors are grateful to Dr. Lei WANG and the reviewers for their valuable suggestions and comments.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Liu, Y., Cheng, L., Liu, Z. et al. Improved meet-in-the-middle attacks on reduced-round Piccolo. Sci. China Inf. Sci. 61, 032108 (2018). https://doi.org/10.1007/s11432-016-9157-y
Received:
Revised:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11432-016-9157-y