TY - GEN
T1 - Improved Differential-Linear Attack with Application to Round-Reduced Speck32/64
AU - Wang, Feifan
AU - Wang, Gaoli
N1 - Publisher Copyright:
© 2022, Springer Nature Switzerland AG.
PY - 2022
Y1 - 2022
N2 - Since differential-linear cryptanalysis was introduced by Langford and Hellman in 1994, there have been many works inheriting and developing this technique. It has been used to attack numerous ciphers, and in particular, sets the record for Serpent, ICEPOLE, Chaskey, 8-round AES, and so on. At CRYPTO 2020, Beierle et al. showed that the data complexity of a differential-linear attack can be significantly reduced by generating enough right pairs artificially. In this paper, we find a property in the differential propagation of modular addition. Based on this, we can select special bits to flip to produce right pairs in a certain differential-linear attack. As an application, we focus on the differential-linear attack of the ARX cipher Speck32/64. With the differential-linear trail we concatenate, we construct 9-round and 10-round distinguishers with correlations of 2^{-11.58} and 2^{-14.58}, respectively. Then we use enough flipped bits to reduce the complexity of the key recovery attack. As a result, we can use only 2^{25} chosen plaintexts to attack 14-round Speck32/64 with a time complexity of about 2^{62}, which is a slight improvement over previous results. To the best of our knowledge, this is the first differential-linear attack on the Speck family.
AB - Since differential-linear cryptanalysis was introduced by Langford and Hellman in 1994, there have been many works inheriting and developing this technique. It has been used to attack numerous ciphers, and in particular, sets the record for Serpent, ICEPOLE, Chaskey, 8-round AES, and so on. At CRYPTO 2020, Beierle et al. showed that the data complexity of a differential-linear attack can be significantly reduced by generating enough right pairs artificially. In this paper, we find a property in the differential propagation of modular addition. Based on this, we can select special bits to flip to produce right pairs in a certain differential-linear attack. As an application, we focus on the differential-linear attack of the ARX cipher Speck32/64. With the differential-linear trail we concatenate, we construct 9-round and 10-round distinguishers with correlations of 2^{-11.58} and 2^{-14.58}, respectively. Then we use enough flipped bits to reduce the complexity of the key recovery attack. As a result, we can use only 2^{25} chosen plaintexts to attack 14-round Speck32/64 with a time complexity of about 2^{62}, which is a slight improvement over previous results. To the best of our knowledge, this is the first differential-linear attack on the Speck family.
KW - ARX
KW - Differential-linear cryptanalysis
KW - Speck32/64
UR - https://www.scopus.com/pages/publications/85134294319
U2 - 10.1007/978-3-031-09234-3_39
DO - 10.1007/978-3-031-09234-3_39
M3 - Conference contribution
AN - SCOPUS:85134294319
SN - 9783031092336
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 792
EP - 808
BT - Applied Cryptography and Network Security - 20th International Conference, ACNS 2022, Proceedings
A2 - Ateniese, Giuseppe
A2 - Venturi, Daniele
PB - Springer Science and Business Media Deutschland GmbH
T2 - 20th International Conference on Applied Cryptography and Network Security, ACNS 2022
Y2 - 20 June 2022 through 23 June 2022
ER -