Affiliation:
1. Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS
2. School of Cyber Security, University of Chinese Academy of Sciences
Abstract
At CHES 2017, Banik et al. proposed a lightweight block cipher GIFT consisting of two versions GIFT-64 and GIFT-128. Recently, there are lots of authenticated encryption schemes that adopt GIFT-128 as their underlying primitive, such as GIFT-COFB and HyENA. To promote a comprehensive perception of the soundness of the designs, we evaluate their security against differential-linear cryptanalysis.
For this, automatic tools have been developed to search differential-linear approximation for the ciphers based on S-boxes. With the assistance of the automatic tools, we find 13-round differential-linear approximations for GIFT-COFB and HyENA. Based on the distinguishers, 18-round key-recovery attacks are given for the message processing phase and initialization phase of both ciphers. Moreover, the resistance of GIFT-64/128 against differential-linear cryptanalysis is also evaluated. The 12-round and 17-round differential-linear approximations are found for GIFT-64 and GIFT-128 respectively, which lead to 18-round and 19-round key-recovery attacks respectively. Here, we stress that our attacks do not threaten the security of these ciphers.
Publisher
International Association for Cryptologic Research
Reference29 articles.
1. GIFT: A Small Present - Towards Reaching the Limit of
Lightweight Encryption;Subhadeep Banik,2017
2. GIFT-COFB;Subhadeep Banik;NIST Lightweight Cryptography Project,2021
3. HyENA;Avik Chakraborti;NIST Lightweight Cryptography Project,2019
4. Differential Cryptanalysis of DES-like Cryptosystems;Eli Biham,1990
5. Linear Cryptanalysis Method for DES Cipher;Mitsuru Matsui,1993