Cryptanalysis of PRESENT-like ciphers with secret S-boxes

Julia Borghoff; Lars Ramkilde Knudsen; Gregor Leander; Søren Steffen Thomsen

doi:10.1007/978-3-642-21702-9_16

Cryptanalysis of PRESENT-like ciphers with secret S-boxes

Julia Borghoff, Lars Ramkilde Knudsen, Gregor Leander, Søren Steffen Thomsen

Research output: Contribution to journal › Conference article › Research › peer-review

Abstract

At Eurocrypt 2001, Biryukov and Shamir investigated the security of AES-like ciphers where the substitutions and affine transformations are all key-dependent and successfully cryptanalysed two and a half rounds. This paper considers PRESENT-like ciphers in a similar manner. We focus on the settings where the S-boxes are key dependent, and repeated for every round. We break one particular variant which was proposed in 2009 with practical complexity in a chosen plaintext/chosen ciphertext scenario. Extrapolating these results suggests that up to 28 rounds of such ciphers can be broken. Furthermore, we outline how our attack strategy can be applied to an extreme case where the S-boxes are chosen uniformly at random for each round and where the bit permutation is secret as well. © 2011 Springer-Verlag.

Original language	English
Book series	Lecture Notes in Computer Science
Volume	6733
Pages (from-to)	270-289
ISSN	0302-9743
DOIs	https://doi.org/10.1007/978-3-642-21702-9_16
Publication status	Published - 2011
Event	18th International Workshop on Fast Software Encryption - Lyngby, Denmark Duration: 14 Feb 2011 → 16 Feb 2011 http://fse2011.mat.dtu.dk/

Workshop

Workshop	18th International Workshop on Fast Software Encryption
Country/Territory	Denmark
City	Lyngby
Period	14/02/2011 → 16/02/2011
Internet address	http://fse2011.mat.dtu.dk/

Keywords

PRESENT
Block cipher
Differential cryptanalysis
Symmetric key

Access to Document

10.1007/978-3-642-21702-9_16

OpenUrl availability

Full text

Cite this

@inproceedings{ad9929f2e11743dd9cdb90471474df72,

title = "Cryptanalysis of PRESENT-like ciphers with secret S-boxes",

abstract = "At Eurocrypt 2001, Biryukov and Shamir investigated the security of AES-like ciphers where the substitutions and affine transformations are all key-dependent and successfully cryptanalysed two and a half rounds. This paper considers PRESENT-like ciphers in a similar manner. We focus on the settings where the S-boxes are key dependent, and repeated for every round. We break one particular variant which was proposed in 2009 with practical complexity in a chosen plaintext/chosen ciphertext scenario. Extrapolating these results suggests that up to 28 rounds of such ciphers can be broken. Furthermore, we outline how our attack strategy can be applied to an extreme case where the S-boxes are chosen uniformly at random for each round and where the bit permutation is secret as well. {\textcopyright} 2011 Springer-Verlag.",

keywords = "PRESENT, Block cipher, Differential cryptanalysis, Symmetric key",

author = "Julia Borghoff and Knudsen, {Lars Ramkilde} and Gregor Leander and Thomsen, {S{\o}ren Steffen}",

year = "2011",

doi = "10.1007/978-3-642-21702-9_16",

language = "English",

volume = "6733",

pages = "270--289",

journal = "Lecture Notes in Computer Science",

issn = "0302-9743",

publisher = "Springer",

note = "18th International Workshop on Fast Software Encryption, FSE 2011 ; Conference date: 14-02-2011 Through 16-02-2011",

url = "http://fse2011.mat.dtu.dk/",

}

TY - GEN

T1 - Cryptanalysis of PRESENT-like ciphers with secret S-boxes

AU - Borghoff, Julia

AU - Knudsen, Lars Ramkilde

AU - Leander, Gregor

AU - Thomsen, Søren Steffen

PY - 2011

Y1 - 2011

N2 - At Eurocrypt 2001, Biryukov and Shamir investigated the security of AES-like ciphers where the substitutions and affine transformations are all key-dependent and successfully cryptanalysed two and a half rounds. This paper considers PRESENT-like ciphers in a similar manner. We focus on the settings where the S-boxes are key dependent, and repeated for every round. We break one particular variant which was proposed in 2009 with practical complexity in a chosen plaintext/chosen ciphertext scenario. Extrapolating these results suggests that up to 28 rounds of such ciphers can be broken. Furthermore, we outline how our attack strategy can be applied to an extreme case where the S-boxes are chosen uniformly at random for each round and where the bit permutation is secret as well. © 2011 Springer-Verlag.

AB - At Eurocrypt 2001, Biryukov and Shamir investigated the security of AES-like ciphers where the substitutions and affine transformations are all key-dependent and successfully cryptanalysed two and a half rounds. This paper considers PRESENT-like ciphers in a similar manner. We focus on the settings where the S-boxes are key dependent, and repeated for every round. We break one particular variant which was proposed in 2009 with practical complexity in a chosen plaintext/chosen ciphertext scenario. Extrapolating these results suggests that up to 28 rounds of such ciphers can be broken. Furthermore, we outline how our attack strategy can be applied to an extreme case where the S-boxes are chosen uniformly at random for each round and where the bit permutation is secret as well. © 2011 Springer-Verlag.

KW - PRESENT

KW - Block cipher

KW - Differential cryptanalysis

KW - Symmetric key

U2 - 10.1007/978-3-642-21702-9_16

DO - 10.1007/978-3-642-21702-9_16

M3 - Conference article

SN - 0302-9743

VL - 6733

SP - 270

EP - 289

JO - Lecture Notes in Computer Science

JF - Lecture Notes in Computer Science

T2 - 18th International Workshop on Fast Software Encryption

Y2 - 14 February 2011 through 16 February 2011

ER -

Cryptanalysis of PRESENT-like ciphers with secret S-boxes

Abstract

Workshop

Keywords

Access to Document

OpenUrl availability

Fingerprint

Cite this