
Improved algebraic attacks on lightweight block ciphers

  • Regular Paper
  • Journal of Cryptographic Engineering

Abstract

This paper proposes improved algebraic attacks that are effective against lightweight block ciphers. Concretely, we propose a new framework that combines algebraic preprocessing with modern SAT solvers to perform algebraic cryptanalysis of block ciphers. By combining it with chosen-plaintext attacks, we show that our framework can be applied to lightweight block ciphers that exhibit a favourable differential trail. In particular, we demonstrate our techniques by performing algebraic cryptanalysis of both the Present cipher and the Simon cipher. For the Present cipher, we successfully solved up to 9 rounds with at most 32 key bits fixed and 8 chosen plaintexts. For the Simon cipher, we tested our method on Simon-32/64 and Simon-64/128. For these two versions, our attack can solve up to 13 rounds with only 8 chosen plaintexts by fixing 4 and 6 key bits for Simon-32/64 and Simon-64/128, respectively. Further, by considering a class of weak keys, we can extend our attacks to 16 rounds. As far as we are aware, these are the best algebraic attacks on these ciphers in the literature.
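The abstract describes the cipher as a system of Boolean polynomial equations that is preprocessed algebraically and then handed to a SAT solver (the ANF-to-CNF step of [38]). The page carries none of the paper's equations, so the following is an added example, not code from the paper or its authors: it derives the algebraic normal form (ANF) of each output bit of the 4-bit PRESENT S-box by a Möbius transform, reports its algebraic degree, and extracts every linearly independent quadratic relation between S-box input and output bits by Gaussian elimination over GF(2). Those low-degree relations are exactly the raw material an algebraic attack feeds into its solver, and their number is a standard measure of how "algebraically weak" an S-box is. Assumptions: the S-box table is the one published by Bogdanov et al. [7]; bit 0 of an input or output nibble is its least significant bit; variables x0..x3 denote input bits and y0..y3 output bits.

```python
from itertools import combinations

# The 4-bit PRESENT S-box (Bogdanov et al. [7]), indexed by input nibble.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

N_BITS = 4  # S-box width; variable x_i / y_i is bit i (bit 0 = least significant)


def truth_table(sbox, bit):
    """Truth table of one output bit, indexed by the input value."""
    return [(sbox[x] >> bit) & 1 for x in range(len(sbox))]


def moebius(tt):
    """Möbius transform: truth table -> ANF coefficients.

    Entry u of the result is the coefficient of the monomial whose variable
    set is the bit mask u (u = 0 is the constant term)."""
    a = list(tt)
    n = len(a).bit_length() - 1
    for k in range(n):
        step = 1 << k
        for i in range(len(a)):
            if i & step:
                a[i] ^= a[i ^ step]
    return a


def anf_monomials(tt):
    """Sorted list of monomial masks whose ANF coefficient is 1."""
    return [u for u, c in enumerate(moebius(tt)) if c]


def eval_anf(monomials, point):
    """Evaluate an ANF at a point: XOR of all monomials contained in the point."""
    return sum(1 for u in monomials if (point & u) == u) & 1


def monomial_str(u, names):
    return "1" if u == 0 else "*".join(n for i, n in enumerate(names) if (u >> i) & 1)


def algebraic_degree(sbox):
    """Largest monomial degree over all output bits."""
    return max(bin(u).count("1")
               for b in range(N_BITS) for u in anf_monomials(truth_table(sbox, b)))


def quadratic_relations(sbox):
    """All linearly independent polynomials of degree <= 2 in x0..x3, y0..y3
    that vanish on every (x, S(x)) pair.  Bits 0..3 of a monomial mask are
    x0..x3, bits 4..7 are y0..y3.  Computed by Gaussian elimination over
    GF(2) on the 16 x 37 matrix of monomial evaluations (left kernel)."""
    nvars = 2 * N_BITS
    monos = ([0] + [1 << i for i in range(nvars)]
             + [(1 << i) | (1 << j) for i, j in combinations(range(nvars), 2)])
    # every point of the S-box graph as an 8-bit value x | (S(x) << 4)
    points = [x | (sbox[x] << N_BITS) for x in range(1 << N_BITS)]
    # column j: monomial j evaluated at all 16 points, packed into one int
    columns = [sum(1 << p for p, pt in enumerate(points) if (pt & m) == m) for m in monos]
    pivots = {}      # leading bit -> (reduced column, which original columns built it)
    relations = []
    for j, v in enumerate(columns):
        tag = 1 << j
        while v:
            lead = v.bit_length() - 1
            if lead not in pivots:
                pivots[lead] = (v, tag)
                break
            pv, ptag = pivots[lead]
            v ^= pv
            tag ^= ptag
        else:
            # v reduced to zero: the tagged columns XOR to 0, so the matching
            # monomials sum to a polynomial that is identically 0 on the graph
            relations.append([m for k, m in enumerate(monos) if (tag >> k) & 1])
    return relations


def relation_holds(poly, sbox):
    """Check a relation against every (x, S(x)) pair."""
    return all(eval_anf(poly, x | (sbox[x] << N_BITS)) == 0 for x in range(1 << N_BITS))


if __name__ == "__main__":
    xs = [f"x{i}" for i in range(N_BITS)]
    ys = [f"y{i}" for i in range(N_BITS)]
    for b in range(N_BITS):
        terms = anf_monomials(truth_table(PRESENT_SBOX, b))
        print(f"y{b} = " + " + ".join(monomial_str(u, xs) for u in terms))
    print("algebraic degree:", algebraic_degree(PRESENT_SBOX))
    rels = quadratic_relations(PRESENT_SBOX)
    print(f"{len(rels)} independent quadratic relations, e.g.:")
    print("  " + " + ".join(monomial_str(u, xs + ys) for u in rels[0]) + " = 0")
```

For a 4-bit S-box there are 37 monomials of degree at most 2 in the eight variables but only 16 points on the graph, so the dimension argument alone guarantees at least 21 such relations; the code confirms each one by re-evaluating it on all 16 inputs. Replacing `PRESENT_SBOX` by any other 4-bit table (or raising `N_BITS` with a wider table) reuses the same machinery.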


Notes

  1. See [38] for more details about these parameters.

References

  1. Albrecht, M.R., Cid, C.: Algebraic techniques in differential cryptanalysis. In: Dunkelman, O. (ed.) Fast Software Encryption, 16th International Workshop, FSE 2009, Leuven, Belgium, February 22–25, 2009, Revised Selected Papers, pp. 193–208. Springer, Berlin (2009)

  2. Bard, G.V., Courtois, N., Jefferson, C.: Efficient methods for conversion and solution of sparse systems of low-degree multivariate polynomials over GF(2) via SAT-solvers. IACR Cryptol. ePrint Arch. 2007, 24 (2007)

  3. Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK families of lightweight block ciphers. IACR Cryptol. ePrint Arch. (2013). https://eprint.iacr.org/2013/404

  4. Biere, A., Heule, M., van Maaren, H., Walsh, T. (eds.): Handbook of Satisfiability. Frontiers in Artificial Intelligence and Applications, vol. 185. IOS Press, Amsterdam (2009)

  5. Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. In: Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO ’90, pp. 2–21 (1991)

  6. Biryukov, A., Roy, A., Velichkov, V.: Differential analysis of block ciphers SIMON and SPECK. In: FSE (2014)

  7. Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. Springer, Berlin (2007)


  8. Bosma, W., Cannon, J., Playoust, C.: The Magma algebra system. I. The user language. J. Symb. Comput. 24(3–4), 235–265 (1997). https://doi.org/10.1006/jsco.1996.0125. Computational algebra and number theory (London, 1993)

  9. Buchberger, B.: Ein Algorithmus zum Auffinden der Basiselemente des Restklassenringes nach einem nulldimensionalen Polynomideal. Dissertation, Universität Innsbruck (1965)

  10. De Cannière, C., Preneel, B.: Trivium. In: New Stream Cipher Designs, pp. 244–266. Springer, Berlin, Heidelberg (2008)

  11. Chu, Z., Chen, H., Wang, X., Dong, X., Li, L.: Improved integral attacks on SIMON32 and SIMON48 with dynamic key-guessing techniques. Secur. Commun. Netw. 2018, 5160237:1–5160237:11 (2018)


  12. Courtois, N., Bard, G.V., Wagner, D.A.: Algebraic and slide attacks on KeeLoq. In: FSE, Lecture Notes in Computer Science, vol. 5086, pp. 97–115. Springer, Berlin (2008)

  13. Courtois, N., Klimov, A., Patarin, J., Shamir, A.: Efficient algorithms for solving overdefined systems of multivariate polynomial equations. In: Advances in Cryptology—EUROCRYPT 2000, pp. 392–407. Springer, Berlin (2000)

  14. Courtois, N., Mourouzis, T., Song, G., Sepehrdad, P., Susil, P.: Combined algebraic and truncated differential cryptanalysis on reduced-round Simon. In: SECRYPT 2014—Proceedings of the 11th International Conference on Security and Cryptography, Vienna, Austria, 28–30 August, 2014, pp. 399–404 (2014)

  15. Courtois, N.T., Bard, G.V.: Algebraic cryptanalysis of the data encryption standard. In: IMA International Conference on Cryptography and Coding, pp. 152–169. Springer, Berlin, Heidelberg (2007)

  16. Courtois, N.T., Meier, W.: Algebraic attacks on stream ciphers with linear feedback. In: Advances in Cryptology—EUROCRYPT 2003, pp. 345–359. Springer, Berlin (2003)

  17. Courtois, N.T., Nohl, K., O’Neil, S.: Algebraic attacks on the Crypto-1 stream cipher in MiFare Classic and Oyster cards. IACR Cryptol. ePrint Arch. (2008). http://eprint.iacr.org/2008/166

  18. Courtois, N.T., Patarin, J.: About the XL algorithm over GF(2). In: Topics in Cryptology—CT-RSA 2003, pp. 141–157. Springer, Berlin (2003)

  19. Courtois, N.T., Pieprzyk, J.: Cryptanalysis of block ciphers with overdefined systems of equations. In: Advances in Cryptology—ASIACRYPT 2002, pp. 267–287. Springer, Berlin (2002)

  20. Courtois, N.T., Sepehrdad, P., Sušil, P., Vaudenay, S.: Elimlin algorithm revisited. In: Fast Software Encryption, pp. 306–325. Springer, Berlin (2012)

  21. Daemen, J., Knudsen, L., Rijmen, V.: The block cipher square. In: International Workshop on Fast Software Encryption, pp. 149–165. Springer, Berlin (1997)

  22. Davis, M., Logemann, G., Loveland, D.: A machine program for theorem-proving. Commun. ACM 5(7), 394–397 (1962)


  23. Davis, M., Putnam, H.: A computing procedure for quantification theory. J. ACM 7(3), 201–215 (1960)

  24. Eén, N., Sörensson, N.: An extensible SAT-solver. In: Giunchiglia, E., Tacchella, A. (eds.) SAT, Lecture Notes in Computer Science, vol. 2919, pp. 502–518. Springer, Berlin (2003)

  25. Faugère, J.C.: A new efficient algorithm for computing Gröbner bases (F4). J. Pure Appl. Algebra 139(1), 61–88 (1999)

  26. Faugère, J.C.: A new efficient algorithm for computing Gröbner bases without reduction to zero (F5). In: Proceedings of ISSAC, pp. 75–83. ACM (2002)

  27. Fengjuan, C., Xiao-Shan, G., Chunming, Y.: A characteristic set method for solving Boolean equations and applications in cryptanalysis of stream ciphers. J. Syst. Sci. Complex. 21(2), 191–208 (2008)

  28. Ganesh, V., Liang, J.H.: MapleSAT. https://sites.google.com/a/gsd.uwaterloo.ca/maplesat/. Accessed 28 Nov 2017

  29. Hell, M., Johansson, T., Meier, W.: Grain: a stream cipher for constrained environments. Int. J. Wire. Mob. Comput. 2(1), 86–93 (2007)


  30. Huang, Z., Sun, Y., Lin, D.: On the efficiency of solving Boolean polynomial systems with the characteristic set method. arXiv preprint arXiv:1405.4596 (2014)

  31. Kölbl, S., Leander, G., Tiessen, T.: Observations on the SIMON block cipher family. In: Annual Cryptology Conference, pp. 161–185. Springer, Berlin (2015)

  32. Leander, G., Abdelraheem, M.A., AlKhzaimi, H., Zenner, E.: A cryptanalysis of PRINT cipher: the invariant subspace attack. In: Annual Cryptology Conference, pp. 206–221. Springer, Berlin (2011)

  33. Li, C., Preneel, B.: Improved interpolation attacks on cryptographic primitives of low algebraic degree. In: Paterson, K.G., Stebila, D. (eds.) Selected Areas in Cryptography—SAC 2019—26th International Conference, Waterloo, ON, Canada, August 12–16, 2019, Revised Selected Papers, Lecture Notes in Computer Science, vol. 11959, pp. 171–193. Springer, Berlin (2019)

  34. Matsui, M.: Linear cryptanalysis method for DES cipher. In: Workshop on the Theory and Application of Cryptographic Techniques on Advances in Cryptology, EUROCRYPT ’93, pp. 386–397 (1994)

  35. Murphy, S., Robshaw, M.J.B.: Essential algebraic structure within the AES. In: Advances in Cryptology—CRYPTO 2002, 22nd Annual International Cryptology Conference, Santa Barbara, California, USA, August 18–22, 2002, Proceedings, pp. 1–16 (2002)

  36. Nakahara Jr, J., Sepehrdad, P., Zhang, B., Wang, M.: Linear (hull) and algebraic cryptanalysis of the block cipher PRESENT. In: Cryptology and Network Security, pp. 58–75. Springer, Berlin (2009)

  37. Raddum, H.: Algebraic analysis of the Simon block cipher family. In: Progress in Cryptology—LATINCRYPT 2015—4th International Conference on Cryptology and Information Security in Latin America, Guadalajara, Mexico, August 23–26, 2015, Proceedings, pp. 157–169 (2015)

  38. Sage: An ANF to CNF Converter Using a Dense/Sparse Strategy. http://doc.sagemath.org/html/en/reference/sat/sage/sat/converters/polybori.html. Accessed 28 Nov 2017

  39. Sepehrdad, P.: Statistical and algebraic cryptanalysis of lightweight and ultra-lightweight symmetric primitives. Ph.D. thesis, École Polytechnique Fédérale de Lausanne (2012)

  40. Shimoyama, T., Kaneko, T.: Quadratic relation of S-box and its application to the linear attack of full round DES. In: Advances in Cryptology—CRYPTO ’98, 18th Annual International Cryptology Conference, Santa Barbara, California, USA, August 23–27, 1998, Proceedings, pp. 200–211 (1998)

  41. Soos, M.: CryptoMiniSat 5.0.1. https://www.msoos.org/2016/09/cryptominisat-5-0-1-released-with-mit-license/. Accessed 28 Nov 2017

  42. Soos, M., Nohl, K., Castelluccia, C.: Extending SAT solvers to cryptographic problems. In: Kullmann, O. (ed.) SAT, Lecture Notes in Computer Science, vol. 5584, pp. 244–257. Springer, Berlin (2009)

  43. Yeo, S.L., Li, Z., Khoo, K., Low, Y.B.: An enhanced binary characteristic set algorithm and its applications to algebraic cryptanalysis. In: Applied Cryptography and Network Security—15th International Conference, ACNS 2017, Kanazawa, Japan, July 10–12, 2017, Proceedings, pp. 518–536 (2017)

Author information

Correspondence to Duc-Phong Le.


The research is supported by The Defence Science Organization, Singapore under the project agreement.


Cite this article

Yeo, S.L., Le, DP. & Khoo, K. Improved algebraic attacks on lightweight block ciphers. J Cryptogr Eng 11, 1–19 (2021). https://doi.org/10.1007/s13389-020-00237-4
