Cryptanalysis Of Lightweight Block Cipher Algorithms

With the advent of the Internet of things, the application of the micro computing devices such as RFID chips and wireless sensor networks has become popular, which brings more convenience to people’s daily lives. At the same time, how to ensure the security of communication information has made people pay more and more attention. Because of the limited computing resource of the micro device, so many lightweight block ciphers which both pursue efficiency but also ensure safety are carried out.KTANTAN is a family of hardware oriented blocks ciphers proposed by Christophe De Canniere. Orr Dunkelman and Miroslav Knezevic at CHES’09. which is targeting low gate count and reduced power consumption. KTANTAN uses the NLFSR update mode and the linearity of the key schedule together, besides an80-bit security level supported by a large security margin on differential cryptanalysis, linear cryptanalysis and other attacks. KTANTAN has three variants with block sizes of32-bit,48-bit and64-bit, and we refer to the KTANTAN version with b-bit blocks as KTNTANb. While the block size differs from version to version, the key size and the number of encryption rounds remains the same—each of them takes80-bit user-supplied key and has254rounds. The currently known cryptanalysis methods on KTANTAN cipher are correlation power analysis, meet-in-the-middle attack, the related-key meet-in-the-middle algebraic attack, etc.Lightweight block cipher looks for the best balance of efficiency and security in the design phase. However, when the execution efficiency increases, the security of the algorithm is bound to be affected, so it is particularly important to analyze the security of the algorithm. This thesis aims to evaluate the security of the lightweight block cipher algorithms, and takes KTANTAN as an example. We first study the encryption structure and characteristics of the KTANTAN cipher algorithm, and then try to use3-dimensional or more than3-dimensional meet-in-the-middle attacks to analysis the KTANTAN’s security. Furthermore, we use splice-and-cut, indirect partial matching, data preprocessing technique or other technology to improve the attack method, and achieve the following results: 1. Taking advantage of the encryption structure and characteristics of the KTANTAN cipher algorithm, we divide the algorithm into three segments by guessing two certain intermediate states X and Y, and apply Meet-in-the-Middle attack on each segment respectively. We describe the detailed attack step and analyze the time complexity and data complexity of the attack.2. We try to study the process of3-dimensional meet-in-the-middle attack combing splice-and-cut and indirect partial matching techniques on KTANTAN32and get a better result. From the researched attack instances, we find that the full KTANTAN32cipher could be broken with a time complexity267.63and only3plaintext/ciphertext pairs.3. Based on the above research results, we continue to improve the3-dimensional meet-in-the-middle attack by guessing parts but not all of the bits of Y. By adjusting the position of the X and Y, we get a better result with a time complexity266.77and3plaintext/ciphertext pairs.4. We try to study3dimensional Meet-in-the-middle attack combining data preprocessing and caching techniques on KTANTAN32, which avoids the repetition calculation. We can conclude that KTANTAN32could be broken with a time complexity of265.17.5. We briefly analyze the feasibility of3-dimensional meet-in-the-middle attacks on KTANTAN64/128and more than3-dimensional meet-in-the-middle attacks on the KTANTAN32/64/128at last.