Linear cryptanalysis method for DES cipher
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
The First Experimental Cryptanalysis of the Data Encryption Standard
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Linear Cryptanalysis Using Multiple Approximations
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
PRESENT: An Ultra-Lightweight Block Cipher
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
KATAN and KTANTAN -- A Family of Small and Efficient Hardware-Oriented Block Ciphers
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
PRINTcipher: a block cipher for IC-printing
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Differential cryptanalysis of round-reduced PRINTCIPHER: computing roots of permutations
FSE'11 Proceedings of the 18th international conference on Fast software encryption
A cryptanalysis of PRINTcipher: the invariant subspace attack
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
HIGHT: a new block cipher suitable for low-resource device
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
Combined differential and linear cryptanalysis of reduced-round PRINTcipher
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
Many weak keys for PRINTCIPHER: fast key recovery and countermeasures
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
Hi-index | 0.00 |
PRINTcipher is a recent lightweight block cipher designed by Knudsen et al. Some noteworthy characteristics are a burnt-in key, a key-dependent permutation layer and identical round keys. Independent work on PRINTcipher has identified weak key classes that allow for a key recovery -- the obvious countermeasure is to avoid these weak keys at the cost of a small loss of key entropy. This paper identifies several larger classes of weak keys. We show how to distinguish classes of keys and give a 28-round linear attack applicable to half the keys. We show that there are several similar attacks, each focusing on a specific class of keys. We also observe how some specific properties of PRINTcipher allow us to collect several samples from each plaintext---ciphertext pair. We use this property to construct an attack on 29-round PRINTcipher applicable to a fraction 2−5 of the keys.