Sharif Digital Repository

In this paper, we present a framework for biclique cryptanalysis of block ciphers which extremely requires a low amount of data. To that end, we enjoy a new representation of biclique attack based on a new concept of cutset that describes our attack more clearly. Then, an algorithm for choosing two differential characteristics is presented to simultaneously minimize the data complexity and control the computational complexity. Then, we characterize those block ciphers that are vulnerable to this technique and among them, we apply this attack on lightweight block ciphers Piccolo-80, Piccolo-128, and HIGHT. The data complexity of these attacks is only 16-plaintext-ciphertext pairs, which is... 

This paper presents cube and dynamic cube attacks on reduced-round lightweihgt block cipher SIMON32/64, proposed by U.S. National Security Agency in 2013. Cube attack is applied to 17 rounds out of 32 rounds of SIMON using a 13-round distinguisher and dynamic cube breaks 14 rounds out of 32 rounds using 10-round distinguishers. Both attacks recover the full 64-bit key of the cipher in a practical time complexity  

This paper analyzes the Piccolo family of lightweight block ciphers against the impossible differential cryptanalysis. A combination of some ploys such as decreasing the S-box computations, finding an appropriate propagation of differentials, utilizing hash tables and using the linearity of the key-schedule as well as disregarding subkeys of two rounds lead to 12-round and 13-round impossible differential attack on Piccolo-80 and 15-round attack on Piccolo-128. The time and data complexity of the attack against Piccolo-80 is 255.18 and 236.34 for 12-round and 269.7 and 243.25 for 13-round, respectively. Moreover, the time and data complexity for 15 rounds cryptanalysis of Piccolo-128 are... 

LBlock is a lightweight block cipher proposed in ACNS 2011 as a solution to the security challenge in extremely constrained environments. Because biclique cryptanalysis had not been invented when this cipher was designed, the designers themselves evaluated the security of this cipher one year later in WISA 2012, where a modified key schedule was also suggested to make this cipher resistant against biclique attack. In this paper, we analyze the full-round of LBlock with this modified key schedule by the biclique attack with data complexity of 212 and computational complexity of 278-74. In the biclique attack, a shorter biclique potentially results in less data complexity, but at the expense... 

KLEIN is a family of lightweight block ciphers which was proposed at RFIDSec 2011 by Gong et. al. It has three versions with 64, 80 or 96-bit key size, all with a 64-bit state size. It uses 16 identical 4-bit S-boxes combined with two AES's MixColumn transformations for each round. This approach allows compact implementations of KLEIN in both low-end software and hardware. Such an unconventional combination attracts the attention of cryptanalysts, and several security analyses have been published. The most successful one was presented at FSE 2014 which was a truncated differential attack. They could attack up to 12, 13 and 14 rounds out of total number of 12, 16 and 20 rounds for... 

HIGHT is a lightweight block cipher introduced in CHES 2006 by Hong et al as a block cipher suitable for low-resource applications. In this paper, we propose improved impossible differential and biclique attacks on HIGHT block cipher both exploiting the permutation-based property of the cipher's key schedule algorithm as well as its low diffusion. For impossible differential attack, we found a new 17-round impossible differential characteristic that enables us to propose a new 27-round impossible differential attack. The total time complexity of the attack is 2120.4 where an amount of 259.3 chosen plaintext-ciphertext pairs and 2107.4 memory are required. We also instantiate a new biclique...