TY - GEN
T1 - Improved linear sieving techniques with applications to step-reduced LED-64
AU - Dinur, Itai
AU - Dunkelman, Orr
AU - Keller, Nathan
AU - Shamir, Adi
N1 - Publisher Copyright:
© International Association for Cryptologic Research 2015.
PY - 2015/1/1
Y1 - 2015/1/1
N2 - In this paper, we present advanced meet-in-the-middle (MITM) attacks against the lightweight block cipher LED-64, improving the best known attacks on several step-reduced variants of the cipher in both single-key and related-key models. In particular, we present a known-plaintext attack on 2-step LED-64 with complexity of 2^48 and a related-key attack on 3-step LED-64 with complexity of 2^49. In both cases, the previously known attacks have complexity of 2^60, i.e., only 16 times faster than exhaustive key search. While our attacks are applied to the specific scheme of LED-64, they contain several general methodological contributions: First, we present the linear key sieve technique, which allows one to exploit linear dependencies between key bits to obtain filtering conditions in MITM attacks on block ciphers. While similar ideas have been previously used in the domain of hash functions, this is the first time that such a technique is applied in block cipher cryptanalysis. As a second contribution, we demonstrate for the first time that a splice-and-cut attack (which so far seemed to be an inherently chosen-plaintext technique) can be used in the known-plaintext model, with data complexity which is significantly below the code-book size. Finally, we extend the differential MITM attack on AES-based designs, and apply it independently in two stages from both sides of the cipher, while using the linear key sieve and other enhancements.
AB - In this paper, we present advanced meet-in-the-middle (MITM) attacks against the lightweight block cipher LED-64, improving the best known attacks on several step-reduced variants of the cipher in both single-key and related-key models. In particular, we present a known-plaintext attack on 2-step LED-64 with complexity of 2^48 and a related-key attack on 3-step LED-64 with complexity of 2^49. In both cases, the previously known attacks have complexity of 2^60, i.e., only 16 times faster than exhaustive key search. While our attacks are applied to the specific scheme of LED-64, they contain several general methodological contributions: First, we present the linear key sieve technique, which allows one to exploit linear dependencies between key bits to obtain filtering conditions in MITM attacks on block ciphers. While similar ideas have been previously used in the domain of hash functions, this is the first time that such a technique is applied in block cipher cryptanalysis. As a second contribution, we demonstrate for the first time that a splice-and-cut attack (which so far seemed to be an inherently chosen-plaintext technique) can be used in the known-plaintext model, with data complexity which is significantly below the code-book size. Finally, we extend the differential MITM attack on AES-based designs, and apply it independently in two stages from both sides of the cipher, while using the linear key sieve and other enhancements.
KW - AES
KW - Cryptanalysis
KW - Even-Mansour
KW - Known plaintext splice-and-cut
KW - LED
KW - Meet-in-the-middle attack
KW - Splice-and-cut
UR - http://www.scopus.com/inward/record.url?scp=84942531847&partnerID=8YFLogxK
U2 - 10.1007/978-3-662-46706-0_20
DO - 10.1007/978-3-662-46706-0_20
M3 - Conference contribution
AN - SCOPUS:84942531847
SN - 9783662467053
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 390
EP - 410
BT - Fast Software Encryption - 21st International Workshop, FSE 2014, Revised Selected Papers
A2 - Cid, Carlos
A2 - Rechberger, Christian
PB - Springer Verlag
T2 - 21st International Workshop on Fast Software Encryption, FSE 2014
Y2 - 3 March 2014 through 5 March 2014
ER -