Abstract
In this work, we introduce a new method, which we call integral by keyspace partitioning, for constructing integral characteristics of some block ciphers by introducing new integral properties. We introduce the concepts of the active with constant difference and identically active integral properties. We then divide the key space into equivalence classes and construct integral characteristics for each equivalence class individually using these properties. We exploit the binary diffusion layer and the key schedule algorithm of a block cipher to propagate these integral properties through the rounds. We apply the new method to the Byte-oriented Substitution-Permutation Network (BSPN) cipher and to Midori64 to show its effectiveness. To the best of our knowledge, we construct the first iterative integral characteristic for a block cipher. We extend this iterative characteristic to the (M, n)-BSPN block cipher, in which each block consists of M \(n \times n\) S-boxes and the block and key sizes are \(M \cdot n\) bits. Using at most \(\binom{M-1}{2} + 1\) chosen plaintexts (only 106 when \(M = 16\)), we mount the first key recovery attacks on BSPN and recover the key for the full-round cipher. The time complexity of the key recovery is almost independent of the number of rounds. We also use our method to construct an integral characteristic for Midori64, which can be utilized in a key recovery attack on 11-round Midori64. Our results impose a new security criterion on the design of the key schedule algorithm for some block ciphers.
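As an added illustration of the two properties the abstract names (my own toy construction, not the paper's BSPN or Midori64 code), the block below builds a 4-nibble SPN with a binary XOR-matrix diffusion layer and checks how a pair of identically active nibbles propagates: it survives round after round exactly for the key class in which the two corresponding round-key nibbles coincide, and degrades to ordinary balancedness otherwise. The S-box, the diffusion matrix, the plaintext set and the key class are assumptions chosen for the demonstration.

```python
from functools import reduce
from operator import xor

# Toy 4-nibble SPN, constructed for illustration only (not BSPN or Midori64).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]   # PRESENT 4-bit S-box
# Binary diffusion layer: output nibble i is the XOR of every input nibble except i.
DIFF = [[0, 1, 1, 1], [1, 0, 1, 1], [1, 1, 0, 1], [1, 1, 1, 0]]

def diffuse(s):
    return [reduce(xor, (s[j] for j in range(4) if DIFF[i][j]), 0) for i in range(4)]

def round_fn(state, rk):
    """One round: round-key XOR, S-box layer, binary diffusion."""
    return diffuse([SBOX[x ^ k] for x, k in zip(state, rk)])

def encrypt_set(texts, round_keys):
    for rk in round_keys:
        texts = [round_fn(t, rk) for t in texts]
    return texts

def active(texts, i):      # nibble i takes every one of the 16 values
    return len({t[i] for t in texts}) == 16

def constant(texts, i):
    return len({t[i] for t in texts}) == 1

def balanced(texts, i):    # XOR of nibble i over the set is zero
    return reduce(xor, (t[i] for t in texts), 0) == 0

def active_const_diff(texts, i, j):
    """Both positions active and t[i] ^ t[j] equal to one constant in every text."""
    return active(texts, i) and active(texts, j) and len({t[i] ^ t[j] for t in texts}) == 1

def identically_active(texts, i, j):
    """Active with constant difference zero: nibbles i and j agree in every text."""
    return active_const_diff(texts, i, j) and all(t[i] == t[j] for t in texts)

def in_key_class(round_keys):
    """Assumed key-space class: nibbles 0 and 1 of every round key coincide."""
    return all(rk[0] == rk[1] for rk in round_keys)

def identically_active_set(c2=0x3, c3=0xA):
    """Constructed set of 16 plaintexts: nibbles 0,1 identically active, 2,3 constant."""
    return [[x, x, c2, c3] for x in range(16)]

def characteristic_holds(round_keys):
    """Key addition turns the pair (0,1) into active-with-constant-difference k0^k1.
    Only when that difference is zero does the S-box keep the pair identical, and the
    diffusion then maps (s, s, c2, c3) to (s^c2^c3, s^c2^c3, c3, c2): the same shape
    again, so the property iterates through every round of this key class."""
    out = encrypt_set(identically_active_set(), round_keys)
    return identically_active(out, 0, 1) and constant(out, 2) and constant(out, 3)
```

Outside the key class the two nibbles are still each active, so every output nibble stays balanced after one round, but the iterative structure is gone after the first S-box layer.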
Notes
Related key attacks are ignored.
Acknowledgements
We are grateful to the anonymous reviewers for their constructive comments. Moreover, we would like to thank Mehmet Sabır Kiraz, Ferhat Karakoç and Ali Aydın Selçuk for reading the manuscript and providing us helpful comments.
Communicated by F. Mendel.
The second author is partially supported by TUBITAK 1001 Project under the Grant Number 121E228.
Cite this article
Demirbaş, F., Kara, O. Integral characteristics by keyspace partitioning. Des. Codes Cryptogr. 90, 443–472 (2022). https://doi.org/10.1007/s10623-021-00989-y