Cryptanalysis of PRESENT-like ciphers with secret S-boxes

Julia Borghoff, Lars Ramkilde Knudsen, Gregor Leander, Søren Steffen Thomsen

    Research output: Contribution to journal, Conference article, Research, peer-review


    At Eurocrypt 2001, Biryukov and Shamir investigated the security of AES-like ciphers where the substitutions and affine transformations are all key-dependent and successfully cryptanalysed two and a half rounds. This paper considers PRESENT-like ciphers in a similar manner. We focus on the settings where the S-boxes are key dependent, and repeated for every round. We break one particular variant which was proposed in 2009 with practical complexity in a chosen plaintext/chosen ciphertext scenario. Extrapolating these results suggests that up to 28 rounds of such ciphers can be broken. Furthermore, we outline how our attack strategy can be applied to an extreme case where the S-boxes are chosen uniformly at random for each round and where the bit permutation is secret as well. © 2011 Springer-Verlag.
    Original language: English
    Book series: Lecture Notes in Computer Science
    Pages (from-to): 270-289
    Publication status: Published - 2011
    Event: 18th International Workshop on Fast Software Encryption - Lyngby, Denmark
    Duration: 14 Feb 2011 - 16 Feb 2011


    Workshop: 18th International Workshop on Fast Software Encryption


    • Block cipher
    • Differential cryptanalysis
    • Symmetric key

