PRESENT: An Ultra-Lightweight Block Cipher
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
KATAN and KTANTAN -- A Family of Small and Efficient Hardware-Oriented Block Ciphers
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
PRINTcipher: a block cipher for IC-printing
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Differential cryptanalysis of round-reduced PRINTCIPHER: computing roots of permutations
FSE'11 Proceedings of the 18th international conference on Fast software encryption
A cryptanalysis of PRINTcipher: the invariant subspace attack
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
SPONGENT: a lightweight hash function
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Combined differential and linear cryptanalysis of reduced-round PRINTcipher
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
Algebraic cryptanalysis of the round-reduced and side channel analysis of the full PRINTCipher-48
CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security
EPCBC: a block cipher suitable for electronic product code encryption
CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security
Linear cryptanalysis of PRINTcipher: trails and samples everywhere
INDOCRYPT'11 Proceedings of the 12th international conference on Cryptology in India
Hi-index | 0.00 |
In this paper we investigate the invariant property of PRINTcipher first discovered by Leander et al. in their CRYPTO 2011 paper. We provide a complete study and show that there exist 64 families of weak keys for PRINTcipher---48 and as many as 115,669 for PRINTcipher---96. Moreover, we show that searching the weak key space may be substantially sped up by splitting the search into two consecutive steps. We show that for many classes of weak keys, key recovery can be done with very small time complexity in the chosen/known plaintext scenario. This shows that the cipher is actually much more vulnerable to this type of attacks than was even thought previously. Still, effective countermeasures exist against the attack. The method of finding all weak key families has value on its own. It is based on Mixed Linear Integer Programming and can be adapted to solving other interesting problems on similar ciphers.