TU Darmstadt / ULB / TUbiblio

Many weak keys for PRINTcipher: fast key recovery and countermeasures

Bulygin, Stanislav and Walter, Michael and Buchmann, Johannes
Dawson, E. (ed.) (2013):
Many weak keys for PRINTcipher: fast key recovery and countermeasures.
In: RSA Conference Cryptographer's Track (CT-RSA 2013), Springer, In: Lecture Notes in Computer Science, 7779, [Conference or Workshop Item]

Abstract

In this paper we investigate the invariant property of PRINTcipher first discovered by Leander et al. in their CRYPTO 2011 paper. We provide a complete study and show that there exist 64 families of weak keys for PRINTcipher-48 and as many as 115,669 for PRINTcipher-96. Moreover, we show that searching the weak key space may be substantially sped up by splitting the search into two consecutive steps. We show that for many classes of weak keys, key recovery can be done with very small time complexity in the chosen/known plaintext scenario. This shows that the cipher is actually much more vulnerable to this type of attacks than was even thought previously. Still, effective countermeasures exist against the attack. The method of finding all weak key families has value on its own. It is based on Mixed Linear Integer Programming and can be adapted to solving other interesting problems on similar ciphers.

Item Type: Conference or Workshop Item
Erschienen: 2013
Editors: Dawson, E.
Creators: Bulygin, Stanislav and Walter, Michael and Buchmann, Johannes
Title: Many weak keys for PRINTcipher: fast key recovery and countermeasures
Language: ["languages_typename_1" not defined]
Abstract:

In this paper we investigate the invariant property of PRINTcipher first discovered by Leander et al. in their CRYPTO 2011 paper. We provide a complete study and show that there exist 64 families of weak keys for PRINTcipher-48 and as many as 115,669 for PRINTcipher-96. Moreover, we show that searching the weak key space may be substantially sped up by splitting the search into two consecutive steps. We show that for many classes of weak keys, key recovery can be done with very small time complexity in the chosen/known plaintext scenario. This shows that the cipher is actually much more vulnerable to this type of attacks than was even thought previously. Still, effective countermeasures exist against the attack. The method of finding all weak key families has value on its own. It is based on Mixed Linear Integer Programming and can be adapted to solving other interesting problems on similar ciphers.

Title of Book: RSA Conference Cryptographer's Track (CT-RSA 2013)
Series Name: Lecture Notes in Computer Science
Volume: 7779
Publisher: Springer
Uncontrolled Keywords: Secure Data;PRINTcipher, invariant coset attack, mixed integer linear programming, weak keys, chosen plaintext attack, key recovery
Divisions: LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra
20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra > Cryptanalysis and Side Channel Attacks (CSCA)
LOEWE > LOEWE-Zentren
20 Department of Computer Science
LOEWE
Date Deposited: 30 Dec 2016 20:23
Identification Number: TUD-CS-2013-0002
Export:
Suche nach Titel in: TUfind oder in Google

Optionen (nur für Redakteure)

View Item View Item