Bulygin, Stanislav ; Walter, Michael ; Buchmann, Johannes (2013)
Full analysis of PRINTcipher with respect to invariant subspace attack: efficient key recovery and countermeasures.
In: Designs, Codes, and Cryptography 73(3)
doi: 10.1007/s10623-013-9840-5
Artikel, Bibliographie
Kurzbeschreibung (Abstract)
In this paper we investigate the invariant property of PRINTcipher initially discovered by Leander et al. in their CRYPTO 2011 paper. We provide a complete study of the attack and show that there exist 64 families of weak keys for PRINTcipher-48 and as many as 115,669 for PRINTcipher-96. Moreover, we show that searching the weak key space may be substantially sped up by splitting the search process into two consecutive steps. We show that for many classes of weak keys, key recovery can be done with very small time complexity in the chosen/known plaintext scenario. In fact, at least 2^45 weak keys can be recovered in less than 10 seconds per key on a single PC. Still, effective countermeasures exist against the attack. On the methodological level, the method of finding all weak key families has value on its own. It is based on Mixed Integer Linear Programming and can be adapted to solving other interesting problems on similar ciphers.
| Typ des Eintrags: | Artikel |
|---|---|
| Erschienen: | 2013 |
| Autor(en): | Bulygin, Stanislav ; Walter, Michael ; Buchmann, Johannes |
| Art des Eintrags: | Bibliographie |
| Titel: | Full analysis of PRINTcipher with respect to invariant subspace attack: efficient key recovery and countermeasures |
| Sprache: | Englisch |
| Publikationsjahr: | 2013 |
| Titel der Zeitschrift, Zeitung oder Schriftenreihe: | Designs, Codes, and Cryptography 73(3) |
| DOI: | 10.1007/s10623-013-9840-5 |
| Kurzbeschreibung (Abstract): | In this paper we investigate the invariant property of PRINTcipher initially discovered by Leander et al. in their CRYPTO 2011 paper. We provide a complete study of the attack and show that there exist 64 families of weak keys for PRINTcipher-48 and as many as 115,669 for PRINTcipher-96. Moreover, we show that searching the weak key space may be substantially sped up by splitting the search process into two consecutive steps. We show that for many classes of weak keys, key recovery can be done with very small time complexity in the chosen/known plaintext scenario. In fact, at least 2^45 weak keys can be recovered in less than 10 seconds per key on a single PC. Still, effective countermeasures exist against the attack. On the methodological level, the method of finding all weak key families has value on its own. It is based on Mixed Integer Linear Programming and can be adapted to solving other interesting problems on similar ciphers. |
| Freie Schlagworte: | Secure Data;PRINTcipher, invariant coset attack, mixed integer linear programming, weak keys, chosen plaintext attack, key recovery |
| ID-Nummer: | TUD-CS-2013-0141 |
| Fachbereich(e)/-gebiet(e): | LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt 20 Fachbereich Informatik > Theoretische Informatik - Kryptographie und Computeralgebra 20 Fachbereich Informatik > Theoretische Informatik - Kryptographie und Computeralgebra > Kryptoanalyse und Seitenkanalangriffe (CSCA) LOEWE > LOEWE-Zentren 20 Fachbereich Informatik LOEWE |
| Hinterlegungsdatum: | 30 Dez 2016 20:23 |
| Letzte Änderung: | 17 Mai 2018 13:02 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum