TY - GEN
T1 - Cryptanalytic time-memory-data tradeoffs for FX-constructions with applications to PRINCE and PRIDE
AU - Dinur, Itai
N1 - Publisher Copyright:
© International Association for Cryptologic Research 2015.
PY - 2015/1/1
Y1 - 2015/1/1
N2 - The FX-construction was proposed in 1996 by Kilian and Rogaway as a generalization of the DESX scheme. The construction increases the security of an n-bit core block cipher with a κ-bit key by using two additional n-bit masking keys. Recently, several concrete instances of the FX-construction were proposed, including PRINCE (proposed at Asiacrypt 2012) and PRIDE (proposed at CRYPTO 2014). These ciphers have n = κ = 64, and are proven to guarantee about 127 − d bits of security, assuming that their core ciphers are ideal, and the adversary can obtain at most 2^d data. In this paper, we devise new cryptanalytic time-memory-data tradeoff attacks on FX-constructions. While our attacks do not contradict the security proof of PRINCE and PRIDE, nor pose an immediate threat to their users, some specific choices of tradeoff parameters demonstrate that the security margin of the ciphers against practical attacks is smaller than expected. Our techniques combine a special form of time-memory-data tradeoffs, typically applied to stream ciphers, with recent analysis of FX-constructions by Fouque, Joux and Mavromati.
AB - The FX-construction was proposed in 1996 by Kilian and Rogaway as a generalization of the DESX scheme. The construction increases the security of an n-bit core block cipher with a κ-bit key by using two additional n-bit masking keys. Recently, several concrete instances of the FX-construction were proposed, including PRINCE (proposed at Asiacrypt 2012) and PRIDE (proposed at CRYPTO 2014). These ciphers have n = κ = 64, and are proven to guarantee about 127 − d bits of security, assuming that their core ciphers are ideal, and the adversary can obtain at most 2^d data. In this paper, we devise new cryptanalytic time-memory-data tradeoff attacks on FX-constructions. While our attacks do not contradict the security proof of PRINCE and PRIDE, nor pose an immediate threat to their users, some specific choices of tradeoff parameters demonstrate that the security margin of the ciphers against practical attacks is smaller than expected. Our techniques combine a special form of time-memory-data tradeoffs, typically applied to stream ciphers, with recent analysis of FX-constructions by Fouque, Joux and Mavromati.
KW - Block cipher
KW - Cryptanalysis
KW - DESX
KW - FX-construction
KW - PRIDE
KW - PRINCE
KW - Time-memory-data tradeoff
UR - http://www.scopus.com/inward/record.url?scp=84942636365&partnerID=8YFLogxK
U2 - 10.1007/978-3-662-46800-5_10
DO - 10.1007/978-3-662-46800-5_10
M3 - Conference contribution
AN - SCOPUS:84942636365
SN - 9783662467992
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 231
EP - 253
BT - Advances in Cryptology – EUROCRYPT 2015 - 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
A2 - Fischlin, Marc
A2 - Oswald, Elisabeth
PB - Springer Verlag
T2 - 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Eurocrypt 2015
Y2 - 26 April 2015 through 30 April 2015
ER -