Related-Key Slide Attacks on Block Ciphers with Secret Components
  • Author: Meltem Sönmez Turan (18)
  • Keywords: Lightweight Block Ciphers; Related-Key Slide Attacks; Secret Components
  • Journal: Lecture Notes in Computer Science
  • Publication year: 2013
  • Volume: 8162
  • Issue: 1
  • Pages: 43-54
  • Full-text size: 284KB
  • Author affiliation: Meltem Sönmez Turan (18)

    18. National Institute of Standards and Technology, Gaithersburg, MD, USA
Abstract
Lightweight cryptography aims to provide sufficient security with low area/power/energy requirements for constrained devices. In this paper, we focus on the lightweight encryption algorithm specified and approved in NRS 009-6-7:2002 by the Electricity Suppliers Liaison Committee to be used with tokens in prepayment electricity dispensing systems in South Africa. The algorithm is a 16-round SP network with 64-bit key using two 4-to-4 bit S-boxes and a 64-bit permutation. The S-boxes and the permutation are kept secret and provided only to the manufacturers of the system under license conditions. We present related-key slide attacks to recover the secret key and secret components using four scenarios: (i) known S-box and permutation with $2^{48}$ time complexity using $2^{16}$ chosen plaintexts; (ii) unknown S-box and known permutation with $2^{55}$ time complexity using $2^{22.71}$ chosen plaintexts; (iii) known S-box and unknown permutation with $2^{48}$ time complexity using $2^{16}$ chosen plaintexts and $2^{12.28}$ adaptively chosen plaintexts; and finally, (iv) unknown S-box and permutation, with $2^{48}$ time complexity using $2^{22.71}$ chosen plaintexts and $2^{31.29}$ adaptively chosen plaintexts. We also extend these attacks to recover the secret components in a chosen-key setting with practical complexities.
