KLEIN is a family of lightweight block ciphers presented at RFIDSec 2011 that combines a 4-bit Sbox with Rijndael's byte-oriented MixColumn. This approach allows compact implementations of KLEIN in both low-end software and hardware. This paper shows that interactions between those two components lead to the existence of differentials of unexpectedly high probability: using an iterative collection of differential characteristics and neutral bits in plaintexts, we find conforming pairs for four rounds with amortized cost below 2^12 encryptions, whereas at least 2^30 was expected by the preliminary analysis of KLEIN. We exploit this observation by constructing practical (≈2^35-encryption), experimentally verified, chosen-plaintext key-recovery attacks on up to 8 rounds of KLEIN-64, the instance of KLEIN with 64-bit keys and 12 rounds.