Related-key Rectangle Attack And Its Application To The Lightweight Block Cipher

With advancements in IoT technology,it becomes more and more siginificant to pro-tect data privacy and security.Then how to ensure the security of Internet of Things has become a concern of the whole society.As we known,block cipher is one of the most important encryption and decryption algorithms in information and data security.Yet at the same time the cryptographic solutions,and particularly the traditional cryptographic primitives,we have at hand are unsatisfactory for extremely resource-constrained environ-ments.Hence,lightweight cryptography has become a hot topic and research on designing and analyzing lightweight blockciphers has received a lot of attentionThe rectangle attack is the extension of the traditional differential attack,and is evolved from the boomerange attack.It has been widely used to attack several existing ciphers.In this article,we study the security of lightweight block ciphers GIFT,Khu-dra and MIBS against related-key rectangle attack.We use MILP-aided cryptanalysis to search rectangle distinguishers by taking into account the effect of the ladder switch tech-nique.The main contribution of this article are as follows1.For GIFT-64,we try to convert the differential propagations and the ladder switch technique into MILP instance,and then we can obtain a 19-round related-key rectan-gle distinguisher.After that,we try to do key recovery attacks on 23-round GIFT-64 based on the corresponding distinguisher.the complexities of this attack are as fol-lows:the data complexity is 260 chosen plaintexts,the time complexity is about 2107 memory accesses and the memory complexity is 260 bytes2.For Khudra,we study of the differential propagation pattern and find a good differ-ence trail with high probability.Then,combination of thses two difenrence trails to be rectangle distinguishers by taking into account the effect of the ladder switch technique.A 14-round related-key rectangle distinguisher can be built which lead us to 17-round rectangle attack.Our attack on 17-round Khudra requires a data complexity of 262.9 chosen plaintexts and a time complexity of 273.9 encryptions3.For MIBS-64,we also try to convert the differential propagations and the ladder switch technique into MILP instance,and then we can construct a 13-round related-key rectangle distinguisher.Then,we try to do key recovery attacks on 15-round MIBS-64 based on the corresponding distinguisher with time complexity of 259 and data complexity of 245Compared to the previous best related-key rectangle attack,we get the first 23-round related-key rectangle attack on GIFT-64.And not only that,our realted-key rectangle attacks on 17-round Khudra and 15-round MIBS-64 are both better than previously best realted-key rectangle attack in terms of the number of the attacked rounds.