Cryptanalysis of Reduced Versions of the HIGHT Block Cipher from CHES 2006
Abstract. HIGHT is a 32-round block cipher with a 64-bit block size and a 128-bit user key, which was proposed at CHES ’06 for low-resource applications like RFID. In this paper, we present an impossible differential attack on 25-round HIGHT, a related-key rectangle attack on 26-round HIGHT, and finally a related-key impossible differential attack on 28-round HIGHT. Our result suggests that the safety margin of HIGHT decreases from the originally expected thirteen rounds to about four rounds now.

Keywords: Block cipher, HIGHT, Impossible differential cryptanalysis, Rectangle attack, Related-key attack.
1 Introduction
Recently, cryptography for embedded and ubiquitous computing systems has received extensive research attention. At CHES ’06, Hong et al. [9] presented a 32-round block cipher with a 64-bit block size and a 128-bit user key, known as HIGHT. Due to the simple byte-oriented operations involved, HIGHT is especially efficient in hardware implementations, much faster than those [7,8] of AES [19], and it is most suitable for various real-life resource-constrained application environments, such as RFID (Radio Frequency Identification) systems. The HIGHT proposers also analysed its security against various existing cryptanalytic attacks; they described a differential attack [6], a linear attack [18] and a boomerang attack [20] on 13-round HIGHT, a truncated differential attack [14] and a saturation attack [17] on 16-round HIGHT, an impossible differential attack [2,15] on 18-round HIGHT, and finally a related-key [1,12] boomerang attack [5] on 19-round HIGHT.

In this paper, we further analyse the security of HIGHT. We exploit 16-round impossible differentials such that we can devise an impossible differential attack on 25-round HIGHT; we also exploit 18-round related-key rectangle distinguishers with probability $2^{-92.4}$, which can enable us to mount a related-key rectangle attack on 26-round HIGHT. Finally, we exploit 19-round related-key impossible differentials that can be used to mount a related-key impossible differential attack on 28-round HIGHT.

The rest of this paper is organised as follows. In the next section, we briefly describe some notation and the HIGHT block cipher. In Sections 3 and 4, we present our cryptanalytic results. Section 5 concludes this paper.

This work as well as the author was supported by a British Chevening / Royal Holloway Scholarship and the European Commission under contract IST-2002-507932 (ECRYPT).
K.-H. Nam and G. Rhee (Eds.): ICISC 2007, LNCS 4817, pp. 11–26, 2007. © Springer-Verlag Berlin Heidelberg 2007
J. Lu
2 Preliminaries
2.1 Notation
We will use the following notation throughout this paper.
– ⊕ : bitwise logical exclusive OR (XOR)
– : addition modulo $2^8$
– ≪ $i$ : left rotation by $i$ bits
– $e_j$ : a byte with zeros in all positions but bit $j$, ($0 \le j \le 7$)
– $e_{i_1,\cdots,i_j}$ : $e_{i_1} \oplus \cdots \oplus e_{i_j}$, ($0 \le i_1, \cdots, i_j \le 7$)
– $e_{j,\sim}$ : a byte that has zeros in bits 0 to $j-1$, a one in bit $j$ and indeterminate values in bits $(j+1)$ to 7
– $e_{j,\sim}$ : a byte that has zeros in bits 0 to $j$ and indetermi