In this study, we introduce a new criterion for evaluating S-boxes and attack PRESENT by exploiting its S-box. Depending on the design of an S-box, when a specific difference is given as the input (resp. output) of the S-box, the difference in at least one of the output (resp. input) bits of the S-box can be predicted with probability 1. We call such bits undisturbed; they are helpful for constructing longer or better truncated, impossible, or improbable differentials. Without using undisturbed bits, the longest improbable differential attack we could find for PRESENT had a length of 7 rounds. However, we show that PRESENT's S-box has 6 undisturbed bits, and by using them we can construct 10-round improbable differentials and attack PRESENT reduced to 13 rounds. Hence, undisturbed bits should be avoided by S-box designers.
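As an added illustration (not the paper's own code), the check below enumerates the undisturbed bits of a 4-bit S-box in both directions, the input-difference side and the output-difference side, and renders them as truncated-difference patterns; it is run here on the published PRESENT S-box so that the total can be compared with the 6 bits the abstract reports.

```python
# Added example, not code from the paper: enumerate the undisturbed bits of a
# 4-bit S-box. For a fixed nonzero input (resp. output) difference, a bit of the
# output (resp. input) difference is "undisturbed" when it takes the same value
# for every pair, i.e. it is known with probability 1. The table below is the
# published PRESENT S-box.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def invert(sbox):
    """Inverse of a bijective S-box; used to walk output differences back to inputs."""
    inv = [0] * len(sbox)
    for x, y in enumerate(sbox):
        inv[y] = x
    return inv

def undisturbed_bits(sbox):
    """Map (side, delta) -> {bit_index: fixed_value} for every difference that
    leaves at least one bit on the other side undisturbed. side is 'in' when
    delta is an input difference (fixed bits are output bits), 'out' otherwise."""
    n = len(sbox).bit_length() - 1          # 4 for a 16-entry S-box
    result = {}
    for side, table in (("in", sbox), ("out", invert(sbox))):
        for delta in range(1, 1 << n):
            # difference on the other side of the S-box for every pair (x, x ^ delta)
            diffs = {table[x] ^ table[x ^ delta] for x in range(1 << n)}
            fixed = {}
            for bit in range(n):
                values = {(d >> bit) & 1 for d in diffs}
                if len(values) == 1:        # identical in every pair: undisturbed
                    fixed[bit] = values.pop()
            if fixed:
                result[(side, delta)] = fixed
    return result

def count_undisturbed(sbox):
    """Total number of undisturbed bits over both directions."""
    return sum(len(bits) for bits in undisturbed_bits(sbox).values())

def pattern(bits, n=4):
    """Render fixed bits as a truncated-difference pattern, MSB first, e.g. '???1'."""
    return "".join(str(bits[b]) if b in bits else "?" for b in range(n - 1, -1, -1))

if __name__ == "__main__":
    for (side, delta), bits in sorted(undisturbed_bits(PRESENT_SBOX).items()):
        arrow = "->" if side == "in" else "<-"
        print(f"{delta:04b} {arrow} {pattern(bits)}")
    print("total undisturbed bits:", count_undisturbed(PRESENT_SBOX))
```

Swapping in a candidate S-box table makes the same script a design-time check: an S-box with no reported entries offers none of these probability-1 bits to a truncated, impossible or improbable differential.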