Research On Impossible Differential Cryptanalysis Of Typical Lightweight Block Ciphers

Lightweight block ciphers is widely used in resource-constrained environments with low computing and storage overhead and the ability to provide the required encryption performance.With the rise of Internet of Things,lightweight block ciphers have become a hot topic.Impossible differential cryptanalysis,as a variant of differential cryptanalysis,proposed by Knudsen and Biham respectively,is one of the most common cryptanalysis methods.The key of this cryptanalysis is to find out the longest impossible differential distinguishers.The least upper bound of impossible differential distinguishers is an important criterion for measuring the ability of resisting impossible differential cryptanalysis.If the longest impossible differential distinguishers can be given,there is an important reference value for both designers and cryptanalysts.In the paper,the security of several typical lightweight block ciphers under impossible differential attack is analyzed.Basic idea of our research is first to study the cryptographic properties of cryptographic algorithms or cryptographic models.Secondly,based on the obtained properties,the differential diffusion laws of the cryptographic algorithms or the cryptographic models in encryption and decryption direction are analyzed so that the least upper bound of impossible differential distinguishers is obtained by miss-in-the-middle technology.Further,we use the differential diffusion laws of the cryptographic algorithms or the cryptographic models in encryption and decryption direction to find out or classify all of the longest impossible differential distinguishers.Finally,based on the optimal impossible differential distinguishers and combined with some attack techniques,the security evaluation results of cryptographic algorithms are given.The works are shown as follows.1.The security of Midori-64 under truncated impossible differential cryptanalysis is studied.Firstly,by analyzing the differential diffusion laws of Midori in encryption and decryption direction,it is proved that the least upper bound of truncated impossible differential distinguisher for Midori is 6.And the 6-round truncated impossible differential distinguishers are classified.Secondly,based on the classification,a 6-round distinguisher was constructed.And the impossible differential attack on 11-round Midori-64 is given to recover the 128-bit master key.2.The security of SPECK under impossible differential cryptanalysis is studied.Firstly,based on differential diffusion property of addition given by Xu Hong et al,the differential diffusion laws of SPECK family of block ciphers in encryption and decryption direction are analyzed.Thus it is proved that the maximum number of rounds of impossible differential distinguishers for SPECK family of block ciphers under the differential diffusion property of addition is 6-round,and the all 6-round impossible differential distinguishers are given.Secondly,by further analyzing the properties of the differential diffusion of addition,many 7-round impossible differential distinguishers of SPECK family of block ciphers are constructed.Finally,based on the obtained 6-round and 7-round impossible differential distinguishers,10-round and 11-round SPECK 2n/4n(2n=32,48,64,128)impossible differential attack and 9-round and 10-round SPECK96/144 impossible differential attack are given to recover all master key.3.The longest impossible differential distinguishers of SIMON-type ciphers are analyzed.Under single bit differential diffusion condition,based on weak rotational property,the least upper bound of impossible differential distinguishers and all the longest impossible differential distinguishers for SIMON-type ciphers can be given under single bit differential mode.Further,we presented SIMON-type ciphers have additive property under differential mode,so that the results under single bit differential mode can be extended to multiple bits differential mode.Choosing SIMON and SIMECK as cases study,using weak rotational property and additive property of SIMON-type ciphers,it's proved the longest impossible differential distinguishers under single bit differential diffusion condition for SIMON32/48/64/96/128,SIMECK32/48/64 is 11/12/13/16/19,11/13/15 rounds respectively,and all the longest impossible differential distinguishers of them are given.In addition,multiple bits differential diffusion property of SIMECK is found,and 15-round impossible differential distinguishers of SIMECK48 and 17-round impossible differential distinguishers of SIMECK64 are given with this property.Finally,since the mapping from impossible differential distinguishers to zero correlation linear distinguishers on SIMON-type ciphers is a bijection,the results of impossible differential distinguishers also apply to zero correlation linear distinguishers.