标题:A distinguisher on PRESENT-like permutations with application to SPONGENT
作者:Zhang, Guoyan; Liu, Meicheng
作者机构:[Zhang Guoyan] School of Computer Science and Technology, Shandong University, Key Laboratory of Cryptologic Technology and Information Security, Mini 更多
通讯作者:Liu, Meicheng(meicheng.liu@gmail.com)
通讯作者地址:[Liu, MC]Nanyang Technol Univ, Sch Phys & Math Sci, Singapore 639798, Singapore;[Liu, MC]Chinese Acad Sci, Inst Informat Engn, State Key Lab Informat 更多
来源:中国科学. 信息科学
出版年:2017
卷:60
期:7
DOI:10.1007/s11432-016-0165-6
关键词:symmetric ciphers; PRESENT; SPONGENT; truncated differential;; meet-in-the-middle; multidimensional linear approximation
摘要:At Crypto 2015, Blondeau et al. showed a known-key analysis on the full PRESENT lightweight block cipher. Based on some of the best differential distinguishers, they introduced a meet in the middle (MitM) layer to pre-add the differential distinguisher, which extends the number of attacked rounds on PRESENT from 26 rounds to full rounds without reducing differential probability. In this paper, we generalize their method and present a distinguisher on a kind of permutations called PRESENT-like permutations. This generic distinguisher is divided into two phases. The first phase is a truncated differential distinguisher with strong bias, which describes the unbalance of the output collision on some fixed bits, given the fixed input in some bits, and we take advantage of the strong relation between truncated differential probability and capacity of multidimensional linear approximation to derive the best differential distinguishers. The second phase is the meet-in-the-middle layer, which is pre-added to the truncated differential to propagate the differential properties as far as possible. Different with Blondeau et al.'s work, we extend the MitM layers on a 64-bit internal state to states with any size, and we also give a concrete bound to estimate the attacked rounds of the MitM layer. As an illustration, we apply our technique to all versions of SPONGENT permutations. In the truncated differential phase, as a result we reach one, two or three rounds more than the results shown by the designers. In the meet-in-the-middle phase, we get up to 11 rounds to pre-add to the differential distinguishers. Totally, we improve the previous distinguishers on all versions of SPONGENT permutations by up to 13 rounds.
收录类别:EI;CSCD;SCOPUS;SCIE
资源类型:期刊论文
原文链接:https://www.scopus.com/inward/record.uri?eid=2-s2.0-85010739032&doi=10.1007%2fs11432-016-0165-6&partnerID=40&md5=0f355cb7535b66096d6dbc1e0b553eb2
TOP