Impossible Differential Cryptanalysis of 16/18-Round Khudra
Abstract
Khudra is a recently proposed lightweight block cipher designed specifically for Field Programmable Gate Array (FPGA) implementation. It is a 4-branch type-2 generalized Feistel structure (GFS) of 18 rounds with 64-bit block size and 80-bit security margin. This paper studies the security of Khudra against impossible differential cryptanalysis. In the single-key scenario, the best impossible differential attack given by the designers works for 11 rounds with \(2^{57}\) chosen plaintexts and \(2^{61}\) encryptions. In this paper, by exploiting the structure of Khudra and the redundancy in its key schedule, we significantly improve previously known results. First, we propose an impossible differential attack on 14-round Khudra with \(2^{54.06}\) chosen plaintexts, \(2^{50.26}\) encryptions and \(2^{49}\) memory. Then, we extend the attack by including pre-whitening keys with \(2^{59.03}\) known plaintexts, \(2^{67.06}\) time and \(2^{59.03}\) memory complexities. Finally, we present an impossible differential attack against 16-round Khudra where whitening keys are omitted. The 16-round attack requires \(2^{49.58}\) chosen plaintexts, \(2^{79.26}\) encryptions and \(2^{64}\) memory. To the best of our knowledge, these attacks are the best known attacks in the single-key scenario.
