
Cryptanalysis On Lightweight Block Ciphers

Posted on: 2016-02-04
Degree: Doctor
Type: Dissertation
Country: China
Candidate: G Y Zhao
GTID: 1318330536967196
Subject: Army commanding learn
With the development of network technology, increasing attention is paid to information security. With the wide deployment of RFID tags, smart cards, sensors and other devices that have limited computation ability, storage space and energy supply, the design and cryptanalysis of lightweight ciphers have become urgent and attractive, and many lightweight primitives have been proposed in the literature. To guarantee the security of these ciphers, a careful study is necessary. In this paper, we first investigate a block cipher structure suitable for lightweight ciphers, and then apply cryptanalysis to several lightweight ciphers. The main results are as follows:

1. Study on the practical security bound of the GF-NLFSR structure with SPN round function. Using the “divide and conquer” strategy, we present the practical security bound of the GF-NLFSR structure with SPN round function against linear cryptanalysis (LC). It is proved that for the n-cell GF-NLFSR with SPN round function, the minimum number of active Sboxes of any linear characteristic over 2nr-round is, where B_l stands for the linear branch number of the linear transformation P. Furthermore, by analyzing the duality between differential characteristics and linear characteristics of the GF-NLFSR structure, we prove that the practical security bounds against differential cryptanalysis (DC) and linear cryptanalysis can be unified. Therefore, when designing ciphers based on the GF-NLFSR structure with SPN round function, it is adequate to show resistance against both DC and LC by evaluating the resistance to either one.

2. Apply truncated differential cryptanalysis to PRINCE for the first time. We introduce the methods of “invariant subset” and “Super-Sbox” into truncated differential cryptanalysis. For several reduced versions, there exist 5-round and 6-round truncated differential distinguishers. Unlike several existing results, our result has no relation to the value of ?.

3. Re-analyse PUFFIN against integral attack. Based on the theory of bit-pattern based integrals and the knowledge of polynomial functions on finite fields, we find and prove a 5-round integral distinguisher, and then extend it to a 6-round one using the strategy of higher order integrals. Based on the 6-round integral distinguisher, we mount an integral attack on 8-round PUFFIN. The attack can recover 100-bit key, and the data complexity is about 2^20 chosen plaintexts, the time complexity is about 2^33 8-round encryptions, while the storage complexity is about 2^20. This is the best integral attack on PUFFIN so far.

4. Use Super-Sbox in the differential fault attack and apply it to two lightweight block ciphers with different structures. We view the SPS function of Piccolo's round function as a Super-Sbox, and mount a differential fault attack under a nibble-oriented fault model. LED is an SPN cipher, and the last 2 consecutive round functions can be viewed as a Super-Sbox layer. Based on the difference distribution of the Super-Sbox, we can get the best attack result under both the nibble fault model and the byte fault model. In particular, for LED-64, when the fault is induced in the 29th round, the previous differential fault attacks would fail, while our method still works. The results demonstrate that Super-Sbox can be used to improve the differential fault attack on some proper ciphers, and cryptographic devices supporting Piccolo and LED should be carefully protected.
Keywords/Search Tags: lightweight block cipher, block cipher structure, GF-NLFSR, truncated differential cryptanalysis, integral attack, differential fault attack