SCIENTIA SINICA Informationis, Volume 47, Issue 10: 1395-1410(2017) https://doi.org/10.1360/N112017-00015

## Asymmetric Biclique cryptanalysis of lightweight block ciphers MIBS and I-PRESENT

• Accepted: Mar 23, 2017
• Published: Aug 30, 2017

### Abstract

The security evaluation of lightweight block ciphers plays a critical role in determining their security margins, and Biclique cryptanalysis is one method for establishing the security margin of a block cipher. In this paper we present a new Biclique attack scheme that combines an asymmetric Biclique with the early-abort technique, and we apply it to MIBS-80 and I-PRESENT-128 to evaluate their security margins. The attack on MIBS-80 has a computational complexity of $2^{78.62}$ and a data complexity of $2^{64}$; the attack on I-PRESENT-128 has a computational complexity of $2^{127.07}$ and a data complexity of $2^{64}$. Compared with existing schemes, the computational complexity of both attacks is significantly reduced (the data complexity of the MIBS-80 attack, however, rises from $2^{52}$ in [13] to the full $2^{64}$ codebook; see Table 1). Because the total complexity of the cryptanalysis is dominated by the computational complexity, the proposed scheme offers a clear advantage. This is also the first asymmetric-Biclique attack on full-round I-PRESENT-128.

### References

[1] Bogdanov A, Knudsen L R, Leander G, et al. PRESENT: an ultra-lightweight block cipher. In: Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems. Berlin: Springer, 2007. 450--466.

[2] De Cannière C, Dunkelman O, Knežević M. KATAN and KTANTAN: a family of small and efficient hardware-oriented block ciphers. In: Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems. Berlin: Springer, 2009. 272--288.

[3] Wu W L, Zhang L. LBlock: a lightweight block cipher. In: Proceedings of the 9th International Conference on Applied Cryptography and Network Security, Malaga, 2011. 327--344.

[4] Guo J, Peyrin T, Poschmann A, et al. The LED block cipher. In: Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems (LNCS 6917). Berlin: Springer, 2011. 326--341.

[5] Borghoff J, Canteaut A, Güneysu T, et al. PRINCE: a low-latency block cipher for pervasive computing applications. In: Proceedings of the 18th International Conference on the Theory and Application of Cryptology and Information Security. Berlin: Springer, 2012. 208--225.

[6] Beaulieu R, Shors D, Smith J, et al. The SIMON and SPECK families of lightweight block ciphers. In: Proceedings of the 52nd ACM/EDAC/IEEE Design Automation Conference, San Francisco, 2015. 1--6.

[7] Izadi M, Sadeghiyan B, Sadeghian S S, et al. MIBS: a new lightweight block cipher. In: Proceedings of International Conference on Cryptology and Network Security, Kanazawa, 2009. 334--348.

[8] Bay A, Nakahara J Jr, Vaudenay S. Cryptanalysis of reduced-round MIBS block cipher. In: Proceedings of International Conference on Cryptology and Network Security. Berlin: Springer, 2010. 1--19.

[9] Yu X L, Wu W L, Li Y J. Integral attack of reduced-round MIBS block cipher. J Comput Res Dev, 2013, 50: 2117--2125.

[10] Pan Z S, Guo J S, Cao J K, et al. Integral attack on MIBS block cipher. J Commun, 2014, 35: 157--163.

[11] Chen P, Liao F C, Wei H R. Related-key impossible differential attack on a lightweight block cipher MIBS. J Commun, 2014, 35: 190--193.

[12] Luo F, Ou Q Y, Zhou X G, et al. A Biclique cryptanalysis on lightweight block cipher MIBS-80. J Softw, 2015, 26: 8--16.

[13] Faghihi Sereshgi M H, Dakhilalian M, Shakiba M. Biclique cryptanalysis of MIBS-80 and PRESENT-80 block ciphers. Secur Commun Netw, 2015, 9: 27--33.

[14] Z'aba M R, Jamil N, Rusli M E, et al. I-PRESENT: an involutive lightweight block cipher. J Inf Secur, 2014, 5: 114--122.

[15] Khovratovich D, Rechberger C, Savelieva A. Bicliques for preimages: attacks on Skein-512 and the SHA-2 family. In: Proceedings of the 19th International Workshop on Fast Software Encryption, Washington, 2012. 208--225.

[16] Bogdanov A, Khovratovich D, Rechberger C. Biclique cryptanalysis of the full AES. In: Proceedings of the 17th International Conference on the Theory and Application of Cryptology and Information Security, Seoul, 2011. 344--371.

[17] Chen S Z, Liu J. Biclique cryptanalysis on full 3D block cipher. Chinese J Comput, 2014, 37: 1063--1070.

[18] Mala H. Biclique-based cryptanalysis of the block cipher SQUARE. IET Inf Secur, 2014, 8: 207--212.

[19] Hong D, Koo B, Kwon D. Biclique attack on the full HIGHT. In: Proceedings of the International Conference on Information Security and Cryptology, Seoul, 2011. 365--374.

[20] Wang Y, Wu W, Yu X. Biclique cryptanalysis of reduced-round Piccolo block cipher. In: Proceedings of the 8th International Conference on Information Security Practice and Experience, Hangzhou, 2012. 337--352.

[21] Wang Y F, Wu W L, Yu X L, et al. Security on LBlock against biclique cryptanalysis. In: Proceedings of Information Security Applications. Berlin: Springer, 2012. 1--14.

[22] Çoban M, Karakoç F, Boztaş Ö. Biclique cryptanalysis of TWINE. In: Proceedings of International Conference on Cryptology and Network Security. Berlin: Springer, 2012. 43--55.

[23] Aref M R, Ahmadian Z, Salmasizadeh M. Biclique cryptanalysis of the full-round KLEIN block cipher. IET Inf Secur, 2015, 9: 294--301.

[24] Shakiba M, Dakhilalian M, Mala H. Non-isomorphic biclique cryptanalysis of full-round Crypton. Comput Stand Interfaces, 2015, 41: 72--78.

[25] Lu J, Kim J, Keller N, et al. Improving the efficiency of impossible differential cryptanalysis of reduced Camellia and MISTY1. In: Proceedings of the Cryptographers' Track at the RSA Conference on Topics in Cryptology. Berlin: Springer, 2008. 370--386.

• Figure 1: Asymmetric Biclique cryptanalysis
• Figure 2: The $i$-th round construction of MIBS
• Figure 3: Key schedule of MIBS-80
• Figure 4: 10-round Biclique of MIBS-80
• Figure 5: Forward partial matching of MIBS-80
• Figure 6: Backward partial matching of MIBS-80
• Figure 7: The round construction of I-PRESENT
• Figure 8: Key schedule of I-PRESENT-128
• Figure 9: 6-round Biclique of I-PRESENT-128
• Figure 10: Forward partial matching of I-PRESENT-128
• Figure 11: Backward partial matching of I-PRESENT-128

• Table 1: A comparison of attacks on MIBS-80

| Attack | Rounds | Data complexity | Computational complexity | Reference |
|---|---|---|---|---|
| Impossible differential | 14 | $2^{54}$ | $2^{56}$ | [11] |
| Biclique | 12 | $2^{52}$ | $2^{77.13}$ | [12] |
| Biclique | 32 (full) | $2^{52}$ | $2^{78.98}$ | [13] |
| Biclique | 32 (full) | $2^{64}$ | $2^{78.62}$ | This paper |

• Table 2: The S-box used in I-PRESENT (4-bit, hexadecimal)

| $x$ | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| $S(x)$ | D | 6 | 1 | F | 4 | 8 | B | 5 | 0 | 3 | A | C | 9 | E | 7 | 2 |
| $S^{-1}(x)$ | 8 | 2 | F | 9 | 4 | 7 | 1 | E | 5 | C | A | 6 | B | 0 | D | 3 |

• Table 3: The S-box used in the function Invo (4-bit, hexadecimal)

| $x$ | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| $\hat{S}(x)$ | E | A | 2 | C | 4 | 8 | F | D | 5 | 9 | 1 | B | 3 | 7 | 0 | 6 |
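The following script is an added example and not code from the paper or from the I-PRESENT designers. It takes the two 4-bit S-boxes exactly as printed in Tables 2 and 3 and checks, by exhaustive enumeration over all 16 inputs, the things a reviewer would want confirmed before relying on the tables: that the printed $S^{-1}$ row really inverts $S$, that the Invo S-box $\hat{S}$ is an involution (its own inverse, which is what makes that layer involutive), and how each box fares against differential and linear cryptanalysis via its difference distribution table (DDT) and linear approximation table (LAT). Nothing beyond the table values is assumed.

```python
# Added example (not from the paper): sanity-check the S-boxes of Tables 2
# and 3 and measure their resistance to differential and linear cryptanalysis.
from itertools import product

# Table 2: I-PRESENT S-box S(x) and its printed inverse, indexed by x = 0..F
S = [0xD, 0x6, 0x1, 0xF, 0x4, 0x8, 0xB, 0x5,
     0x0, 0x3, 0xA, 0xC, 0x9, 0xE, 0x7, 0x2]
S_INV = [0x8, 0x2, 0xF, 0x9, 0x4, 0x7, 0x1, 0xE,
         0x5, 0xC, 0xA, 0x6, 0xB, 0x0, 0xD, 0x3]
# Table 3: S-box used inside the Invo function
S_HAT = [0xE, 0xA, 0x2, 0xC, 0x4, 0x8, 0xF, 0xD,
         0x5, 0x9, 0x1, 0xB, 0x3, 0x7, 0x0, 0x6]

N = 16  # 4-bit S-box: inputs and outputs range over 0..15


def is_permutation(sbox):
    """A block-cipher S-box must be a bijection, or decryption is ambiguous."""
    return sorted(sbox) == list(range(N))


def inverse(sbox):
    """Inverse lookup table of a bijective S-box."""
    inv = [0] * N
    for x, y in enumerate(sbox):
        inv[y] = x
    return inv


def is_involution(sbox):
    """S(S(x)) == x for every x: the S-box is its own inverse."""
    return all(sbox[sbox[x]] == x for x in range(N))


def fixed_points(sbox):
    """Inputs mapped to themselves (visible directly in the tables)."""
    return [x for x in range(N) if sbox[x] == x]


def ddt(sbox):
    """Difference distribution table: ddt[a][b] = #{x : S(x) ^ S(x ^ a) == b}."""
    table = [[0] * N for _ in range(N)]
    for x, a in product(range(N), repeat=2):
        table[a][sbox[x] ^ sbox[x ^ a]] += 1
    return table


def differential_uniformity(sbox):
    """Largest DDT entry over non-zero input differences. The best one-round
    differential then holds with probability du/16; 4 is the optimum for a
    4-bit bijection, since no 4-bit APN permutation exists."""
    table = ddt(sbox)
    return max(table[a][b] for a in range(1, N) for b in range(N))


def parity(v):
    """Parity of the popcount of v, i.e. the GF(2) dot product a.x folded in."""
    return bin(v).count("1") & 1


def lat(sbox):
    """Linear approximation table: lat[a][b] = #{x : a.x == b.S(x)} - 8,
    so |lat[a][b]| / 16 is the bias of the linear approximation (a -> b)."""
    table = [[0] * N for _ in range(N)]
    for a, b in product(range(N), repeat=2):
        agree = sum(1 for x in range(N)
                    if parity(a & x) == parity(b & sbox[x]))
        table[a][b] = agree - N // 2
    return table


def linearity(sbox):
    """Largest |LAT| entry over non-zero output masks; lower is better."""
    table = lat(sbox)
    return max(abs(table[a][b]) for a in range(N) for b in range(1, N))


def report(name, sbox):
    """Summary of one S-box, returned as a dict so callers can assert on it."""
    return {
        "name": name,
        "bijective": is_permutation(sbox),
        "involution": is_involution(sbox),
        "fixed_points": fixed_points(sbox),
        "diff_uniformity": differential_uniformity(sbox),
        "linearity": linearity(sbox),
    }


if __name__ == "__main__":
    assert inverse(S) == S_INV, "printed S^-1 row does not invert S"
    for r in (report("S (Table 2)", S), report("S_hat (Table 3)", S_HAT)):
        print(r)
```

Running it confirms that the printed $S^{-1}$ row is consistent with $S$ and that $\hat{S}$ is an involution while $S$ is not, and it reports differential uniformity 4 for both boxes (the best a 4-bit permutation can achieve). The DDT and LAT functions are the standard starting point for estimating how many rounds a differential or linear trail can cover, which is the kind of per-component check that complements the key-recovery complexity figures in Table 1.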


Copyright 2020 Science China Press Co., Ltd. All rights reserved.