Linear Cryptanalysis Of Lightweight Block Cipher LBlock

With the rapid development of the internet and mobile communication, the information security is more and more important for people in the field of open internet and information communication. On account of the development of science and technology, the technology of RFID and wireless sensor network go deep into every aspect of human work and life in recent years. These tech-niques are used in miniature devices for transfer information. The lightweight block cipher is fit for miniature devices because of the simple mechanism of algorithm, the relatively short key length, easy hardware implementation, low energy consumption and certain strength of information security. Lightweight block ciphers have made great progress and are widely used in people’s work and life in recent years.Linear cryptanalysis of iterative block ciphers is proposed at EURO-CRYPT1993by Matsui, a Japanese cryptanalyst, and it is known-plaintext attack. By analyzing the linear relation between the plaintext and ciphertext, we identify linear approximation with nonzero bias and recover the key upon it. Through continuous development and improvement, linear cryptanalysis has become a typical attack for analyzing the iterative block ciphers.The lightweight block cipher LBlock is proposed by Wenling Wu et al ANCS2011. It is a Feistel cipher with64-bit block and80-bit key. The number of rounds should be at least32. The encryption algorithm and the decryption algorithm are the same due to the Feistel structure, apart from reversing the order of round keys, and the key schedule is designed separately. The hardware implementation of LBlock is better than that of PRESENT with the same block and key length.After LBlock was proposed, lots of cryptanalysts have analyzed its se-curity. Sasaki and Wang proposed integral attack on LBlock in2012, Ya Liu et al proposed the impossible differential cryptanalysis of LBlock in2012, Soleimany and Nyberg proposed the zero-correlation linear cryptanalysis of LBlock in2013, etc.. What’s more, Chen et al proposed differential cryptanal-ysis on LBlock in2013. They constructed15-round multiple differential paths with probability2-612351, and managed to mount attack on17-round LBlock with time complexity267.52and data complexity25975.This paper uses the linear cryptanalysis to attack LBlock. By analyzing the structure of LBlock and the property of the used S-Box, we discover a13-round linear path of LBlock with the bias2-31. Based on this, we obtain a13-round linear approximation of LBlock and achieve a17-round attack with time complexity277.12encryptions and data complexity262known-plaintexts.