Full-round Integral Cryptanalysis of the Lightweight Block Cipher INLEC
Abstract (translated from the Chinese): With the rapid development of telecommunication technology, Internet of Things (IoT) devices are becoming ever more widespread, and many lightweight cipher algorithms have been proposed to address the power consumption, data privacy and security concerns of such devices. To cope with the limited battery life and energy budget of IoT devices during data transmission, Feng et al. proposed INLEC, a low-energy lightweight block cipher intended to reduce data leakage from such devices. The designers claim that it effectively resists differential, linear, impossible-differential and side-channel cryptanalysis, but its resistance to integral cryptanalysis had not been evaluated. This paper therefore carries out a complete study of its security under integral cryptanalysis. INLEC is modelled as a mixed-integer linear programming (MILP) problem using the monomial prediction technique, which yields the first 9-round integral distinguisher for INLEC; by exploiting the structure of the diffusion layer, this is extended to a 10-round distinguisher. On this basis, a 14-round key-recovery attack is mounted with the partial-sum technique and a multi-key guessing method, at a data complexity of $ {2}^{63} $ chosen plaintexts and a time complexity of $ {2}^{89.843} $ 14-round encryptions. The results show that INLEC does not adequately resist integral cryptanalysis.

Abstract:

Objective. With the rapid advancement of telecommunication technology, Internet of Things (IoT) devices have become increasingly ubiquitous in modern applications. However, their limited computational capabilities and energy constraints present significant challenges for data privacy and security. To address these challenges, Feng et al. proposed INLEC, a low-energy lightweight block cipher tailored for resource-constrained IoT environments. While the designers claimed that INLEC resists several forms of cryptanalysis (differential, linear, impossible differential, and side-channel attacks), its security against integral cryptanalysis had not been investigated. The objective of this paper is to conduct a comprehensive full-round integral analysis of INLEC in order to evaluate its actual resistance to this important cryptanalytic technique.

Methods. The monomial prediction technique proposed by Hu et al. is used to construct a MILP model that characterizes the monomial trails of the INLEC block cipher. From this model, a 9-round integral distinguisher for INLEC is derived. By exploiting the structural properties of INLEC's diffusion layer, the distinguisher is then extended to 10 rounds by prepending one additional round; this is the first 10-round integral distinguisher for INLEC. To reduce the complexity of key recovery, a multi-key guessing method is proposed; combined with the partial-sum technique, it yields the first 14-round key-recovery attack on INLEC, and thus an integral cryptanalysis framework that reaches the full-round cipher.

Results and Discussions. The analysis shows that the 10-round distinguisher provides a deterministic balanced (zero-sum) property that can be exploited for key recovery. Based on this distinguisher, the proposed 14-round attack has a data complexity of $ {2}^{63} $ chosen plaintexts and a time complexity equivalent to $ {2}^{89.843} $ 14-round encryptions. The attack demonstrates that INLEC's diffusion layer does not eliminate all integral properties within 10 rounds, leaving exploitable structure in its internal transformation. These findings challenge the designers' original security claims and highlight the importance of considering integral properties when assessing lightweight ciphers intended for IoT applications.

Conclusions. This paper presents a comprehensive evaluation of the resistance of the lightweight block cipher INLEC against integral cryptanalysis, based on the monomial prediction technique. The analysis shows that INLEC is insufficiently resistant to integral attacks: the key-recovery attack reaches the full 14 rounds with complexity below exhaustive search. These results indicate that more rounds are needed to defend against known integral cryptanalysis, and that the diffusion layer should be designed to avoid weak algebraic structure, thereby improving resistance to integral attacks.
Table 2  Nibble permutation $ P $ of INLEC

$ x $     0 1 2 3 4 5 6 7 8 9 A B C D E F
$ P(x) $  D 8 7 3 A 5 C 2 1 E 4 B 6 0 9 F

Table 3  S-box $ S $ of INLEC

$ x $     0 1 2 3 4 5 6 7 8 9 A B C D E F
$ S(x) $  0 D B E 7 5 6 4 F 9 C 2 A 1 3 8

Both tables are involutions, i.e. $ P(P(x)) = x $ and $ S(S(x)) = x $ for every $ x $, so decryption reuses the same tables.
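A monomial-prediction (or division-property) model of a cipher starts from the algebraic normal form (ANF) of its S-box: every monomial trail through an S-box layer is a monomial of these ANFs, while the nibble permutation only rewires variables. The following Python example, added here by the editor and not taken from the paper or from the INLEC designers' code, implements Tables 2 and 3, checks that both are involutions, computes the ANF and algebraic degree of each S-box coordinate by a Möbius transform, computes the S-box's differential uniformity, and runs a one-round zero-sum check on a 64-bit state. Assumed, not taken from the page: a 64-bit state stored as 16 nibbles with nibble 0 in the least significant position, and a purely nibble-wise application of $ P $ (because $ P $ is an involution, "nibble $ i $ moves to $ P(i) $" and "nibble $ i $ is fetched from $ P(i) $" are the same map, so the direction convention does not matter). The round key addition and the real INLEC round structure are not modelled.

```python
# Editor's example for the INLEC tables (not the paper's or designers' code).
# Assumptions: 64-bit state = 16 nibbles, nibble 0 least significant; the
# nibble permutation is applied nibble-wise (P is an involution, so the
# "move to P(i)" and "fetch from P(i)" conventions coincide).

PERM = [0xD, 0x8, 0x7, 0x3, 0xA, 0x5, 0xC, 0x2,
        0x1, 0xE, 0x4, 0xB, 0x6, 0x0, 0x9, 0xF]      # Table 2
SBOX = [0x0, 0xD, 0xB, 0xE, 0x7, 0x5, 0x6, 0x4,
        0xF, 0x9, 0xC, 0x2, 0xA, 0x1, 0x3, 0x8]      # Table 3


def is_involution(table):
    """True if table[table[x]] == x for all x, i.e. the table is its own inverse."""
    return all(table[table[x]] == x for x in range(len(table)))


def moebius(truth_table):
    """Möbius transform over GF(2): truth table (indexed by input value)
    -> ANF coefficients; coefficient u is 1 iff prod_{i in u} x_i occurs."""
    coef = list(truth_table)
    n = len(coef)
    step = 1
    while step < n:
        for i in range(n):
            if i & step:
                coef[i] ^= coef[i ^ step]
        step <<= 1
    return coef


def coordinate_anf(sbox, bit):
    """ANF of output bit `bit` as a list of monomials; each monomial is the
    tuple of input-bit indices it multiplies (() is the constant 1)."""
    tt = [(sbox[x] >> bit) & 1 for x in range(16)]
    coef = moebius(tt)
    return [tuple(i for i in range(4) if (u >> i) & 1)
            for u in range(16) if coef[u]]


def algebraic_degree(sbox, bit):
    """Degree of one coordinate; the starting point for degree/division bounds."""
    return max((len(m) for m in coordinate_anf(sbox, bit)), default=0)


def differential_uniformity(sbox):
    """Largest DDT entry over non-zero input differences (4 is optimal for 4-bit)."""
    best = 0
    for a in range(1, 16):
        counts = [0] * 16
        for x in range(16):
            counts[sbox[x] ^ sbox[x ^ a]] += 1
        best = max(best, max(counts))
    return best


def sbox_layer(state):
    """Apply SBOX to each of the 16 nibbles of a 64-bit state."""
    return sum(SBOX[(state >> (4 * i)) & 0xF] << (4 * i) for i in range(16))


def nibble_perm(state):
    """Move nibble i of the state to position PERM[i]."""
    out = 0
    for i in range(16):
        out |= ((state >> (4 * i)) & 0xF) << (4 * PERM[i])
    return out


def zero_sum(func, active):
    """Integral check: XOR func over all 16^len(active) states whose nibbles
    in `active` take every value and whose other nibbles are zero."""
    acc = 0
    positions = list(active)
    for v in range(16 ** len(positions)):
        x = 0
        for k, pos in enumerate(positions):
            x |= ((v >> (4 * k)) & 0xF) << (4 * pos)
        acc ^= func(x)
    return acc


if __name__ == "__main__":
    print("P involution:", is_involution(PERM), " S involution:", is_involution(SBOX))
    for b in range(4):
        print(f"S bit {b}: degree {algebraic_degree(SBOX, b)}, ANF {coordinate_anf(SBOX, b)}")
    print("differential uniformity:", differential_uniformity(SBOX))
    one_round = lambda s: nibble_perm(sbox_layer(s))
    print("zero-sum after one round, nibbles 0 and 5 active:", zero_sum(one_round, [0, 5]))
```

Running it shows the four coordinate degrees 2, 3, 2, 3 (so the S-box has degree 3, the maximum for a 4-bit bijection) and differential uniformity 4; the one-round zero-sum is 0 for any set of active nibbles, which is the trivial base case that the paper's 9- and 10-round distinguishers extend. A MILP model of the monomial trails would be built by listing, for each S-box, exactly the monomials that `coordinate_anf` returns.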