TY - GEN
T1 - Cryptanalysis of SP networks with partial non-linear layers
AU - Bar-On, Achiya
AU - Dinur, Itai
AU - Dunkelman, Orr
AU - Lallemand, Virginie
AU - Keller, Nathan
AU - Tsaban, Boaz
N1 - Publisher Copyright:
© International Association for Cryptologic Research 2015.
PY - 2015/1/1
Y1 - 2015/1/1
N2 - Design of SP networks in which the non-linear layer is applied to only a part of the state in each round was suggested by Gérard et al. at CHES 2013. Besides performance advantage on certain platforms, such a design allows for more efficient masking techniques that can mitigate side-channel attacks with a small performance overhead. In this paper we present generic techniques for differential and linear cryptanalysis of SP networks with partial non-linear layers, including an automated characteristic search tool and dedicated key-recovery algorithms. Our techniques can be used both for cryptanalysis of such schemes and for proving their security with respect to basic differential and linear cryptanalysis, succeeding where previous automated analysis tools seem to fail. We first apply our techniques to the block cipher Zorro (designed by Gérard et al. following their methodology), obtaining practical attacks on the cipher which were fully simulated on a single desktop PC in a few days. Then, we propose a mild change to Zorro, and formally prove its security against basic differential and linear cryptanalysis. We conclude that there is no inherent flaw in the design strategy of Gérard et al., and it can be used in future designs, where our tools should prove useful.
AB - Design of SP networks in which the non-linear layer is applied to only a part of the state in each round was suggested by Gérard et al. at CHES 2013. Besides performance advantage on certain platforms, such a design allows for more efficient masking techniques that can mitigate side-channel attacks with a small performance overhead. In this paper we present generic techniques for differential and linear cryptanalysis of SP networks with partial non-linear layers, including an automated characteristic search tool and dedicated key-recovery algorithms. Our techniques can be used both for cryptanalysis of such schemes and for proving their security with respect to basic differential and linear cryptanalysis, succeeding where previous automated analysis tools seem to fail. We first apply our techniques to the block cipher Zorro (designed by Gérard et al. following their methodology), obtaining practical attacks on the cipher which were fully simulated on a single desktop PC in a few days. Then, we propose a mild change to Zorro, and formally prove its security against basic differential and linear cryptanalysis. We conclude that there is no inherent flaw in the design strategy of Gérard et al., and it can be used in future designs, where our tools should prove useful.
KW - Block cipher
KW - Differential cryptanalysis
KW - Lightweight
KW - Linear cryptanalysis
KW - Zorro
UR - http://www.scopus.com/inward/record.url?scp=84942636312&partnerID=8YFLogxK
U2 - 10.1007/978-3-662-46800-5_13
DO - 10.1007/978-3-662-46800-5_13
M3 - Conference contribution
AN - SCOPUS:84942636312
SN - 9783662467992
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 315
EP - 342
BT - Advances in Cryptology – EUROCRYPT 2015 - 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
A2 - Fischlin, Marc
A2 - Oswald, Elisabeth
PB - Springer Verlag
T2 - 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Eurocrypt 2015
Y2 - 26 April 2015 through 30 April 2015
ER -