Linear (Hull) and Algebraic Cryptanalysis of the Block Cipher PRESENT

Authors:
Jorge Nakahara, Jr.;Pouyan Sepehrdad;Bingsheng Zhang;Meiqin Wang
Affiliations:
EPFL, Lausanne, Switzerland;EPFL, Lausanne, Switzerland;Cybernetica AS, Estonia and University of Tartu, Estonia;Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China 250100
Venue:
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Year:
2009

Citing 20
Cited 9

Claude Elwood Shannon: collected papers

Claude Elwood Shannon: collected papers
Linear cryptanalysis method for DES cipher

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
The Design of Rijndael

The Design of Rijndael
Essential Algebraic Structure within the AES

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of Block Ciphers with Overdefined Systems of Equations

ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A new efficient algorithm for computing Gröbner bases without reduction to zero (F5)

Proceedings of the 2002 international symposium on Symbolic and algebraic computation
PRESENT: An Ultra-Lightweight Block Cipher

CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Specific S-Box Criteria in Algebraic Attacks on Block Ciphers with Several Known Plaintexts

Research in Cryptology
Algebraic and Slide Attacks on KeeLoq

Fast Software Encryption
Bit-Pattern Based Integral Attack

Fast Software Encryption
A Statistical Saturation Attack against the Block Cipher PRESENT

CT-RSA '09 Proceedings of the The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
PolyBoRi: A framework for Gröbner-basis computations with Boolean polynomials

Journal of Symbolic Computation
Lightweight Block Ciphers Revisited: Cryptanalysis of Reduced Round PRESENT and HIGHT

ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
Algebraic Techniques in Differential Cryptanalysis

Fast Software Encryption
Efficient algorithms for solving overdefined systems of multivariate polynomial equations

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Algebraic attacks on stream ciphers with linear feedback

EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
On probability of success in linear and differential cryptanalysis

SCN'02 Proceedings of the 3rd international conference on Security in communication networks
Algebraic cryptanalysis of the data encryption standard

Cryptography and Coding'07 Proceedings of the 11th IMA international conference on Cryptography and coding
A practical attack on KeeLoq

EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Differential cryptanalysis of reduced-round PRESENT

AFRICACRYPT'08 Proceedings of the Cryptology in Africa 1st international conference on Progress in cryptology

Multi-trail statistical saturation attacks

ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security
Multiple differential cryptanalysis: theory and practice

FSE'11 Proceedings of the 18th international conference on Fast software encryption
FPGA implementation of a statistical saturation attack against PRESENT

AFRICACRYPT'11 Proceedings of the 4th international conference on Progress in cryptology in Africa
Algebraic techniques in differential cryptanalysis revisited

ACISP'11 Proceedings of the 16th Australasian conference on Information security and privacy
Algebraic precomputations in differential and integral cryptanalysis

Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
A model for structure attacks, with applications to PRESENT and serpent

FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
ElimLin algorithm revisited

FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Improved (and practical) public-key authentication for UHF RFID tags

CARDIS'12 Proceedings of the 11th international conference on Smart Card Research and Advanced Applications
Multi-differential cryptanalysis on reduced DM-PRESENT-80: collisions and other differential properties

ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology

Quantified Score

Hi-index	0.01

Visualization

Abstract

The contributions of this paper include the first linear hull and a revisit of the algebraic cryptanalysis of reduced-round variants of the block cipher PRESENT, under known-plaintext and ciphertext-only settings. We introduce a pure algebraic cryptanalysis of 5-round PRESENT and in one of our attacks we recover half of the bits of the key in less than three minutes using an ordinary desktop PC. The PRESENT block cipher is a design by Bogdanov et al. , announced in CHES 2007 and aimed at RFID tags and sensor networks. For our linear attacks, we can attack 25-round PRESENT with the whole code book, 296.68 25-round PRESENT encryptions, 240 blocks of memory and 0.61 success rate. Further we can extend the linear attack to 26-round with small success rate. As a further contribution of this paper we computed linear hulls in practice for the original PRESENT cipher, which corroborated and even improved on the predicted bias (and the corresponding attack complexities) of conventional linear relations based on a single linear trail.