Full-round Integral Cryptanalysis of the Lightweight Block Cipher INLEC
Abstract (translated from the Chinese): With the rapid development of telecommunication technology, Internet of Things (IoT) devices are becoming increasingly widespread, and many lightweight cryptographic algorithms have been proposed to address the power consumption, data privacy and security problems of IoT devices. To cope with the limited battery life and energy budget during data transmission, INLEC, a low-energy lightweight block cipher, was proposed to reduce data leakage in IoT devices. The algorithm is claimed to resist differential, linear, impossible-differential and side-channel cryptanalysis, but its resistance to integral cryptanalysis has not yet been evaluated. This paper therefore studies its security against integral cryptanalysis comprehensively. Using the monomial prediction technique, a Mixed Integer Linear Programming (MILP) model of INLEC is built and the first 9-round integral distinguisher for INLEC is obtained. Combined with the structural properties of the diffusion layer, it is extended to a 10-round integral distinguisher. On this basis, a 14-round key recovery attack is mounted using the partial-sum technique and a multi-key guessing method, with a data complexity of $2^{63}$ chosen plaintexts and a time complexity of $2^{89.843}$ 14-round encryptions. The results show that INLEC is not sufficient to resist integral cryptanalysis.

Abstract:

Objective: With the rapid development of telecommunication technology, Internet of Things (IoT) devices have been widely deployed in modern applications. However, their limited computing resources and energy supply create challenges for data privacy and security. To address these issues, Feng et al. proposed INLEC, a low-energy lightweight block cipher designed for resource-constrained IoT environments. The designers claimed that INLEC can resist differential, linear, impossible differential, and side-channel attacks. However, its security against integral cryptanalysis has not yet been evaluated. This paper presents a comprehensive full-round integral cryptanalysis of INLEC to assess its actual resistance to integral cryptanalysis.

Methods: The monomial prediction technique proposed by Hu et al. is used to construct a Mixed Integer Linear Programming (MILP) model for the monomial trails of INLEC. Based on this model, a 9-round integral distinguisher for INLEC is obtained. By further using the structural properties of the diffusion layer, the 9-round integral distinguisher is extended to a 10-round integral distinguisher by adding an initial round. This is the first 10-round integral distinguisher constructed for INLEC. To reduce the complexity of key recovery, a multi-key guessing method is proposed. Combined with the partial-sum technique, this method enables the first 14-round key recovery attack on INLEC. An integral cryptanalysis framework for the full-round INLEC cipher is therefore established.

Results and Discussions: The analysis shows that the 10-round integral distinguisher provides exploitable balanced bits for key recovery. Based on this distinguisher, the proposed 14-round key recovery attack achieves a data complexity of $2^{63}$ chosen plaintexts and a time complexity of $2^{89.843}$ 14-round encryptions. These results indicate that the diffusion layer of INLEC does not fully eliminate integral properties within 10 rounds. The remaining structural properties can be used to support key recovery. This finding challenges the original security claims for INLEC and shows that integral properties should be considered when evaluating lightweight block ciphers for IoT applications.

Conclusions: This paper evaluates the resistance of the lightweight block cipher INLEC to integral cryptanalysis based on monomial prediction. A 9-round integral distinguisher is first constructed using an MILP model of monomial trails. The 9-round integral distinguisher is then extended to a 10-round integral distinguisher by exploiting the structural properties of the diffusion layer. A 14-round key recovery attack is further achieved by combining the partial-sum technique with the multi-key guessing method. The results show that INLEC has insufficient resistance to integral cryptanalysis and that its practical security may be lower than expected. Therefore, more rounds should be considered in the design of such ciphers to resist known integral attacks.
Table 1 Comparison of security analysis results for INLEC (table body not included on this page)

Table 2 Nibble permutation of INLEC

x     0 1 2 3 4 5 6 7 8 9 A B C D E F
P(x)  D 8 7 3 A 5 C 2 1 E 4 B 6 0 9 F

Table 3 S-box of INLEC

x     0 1 2 3 4 5 6 7 8 9 A B C D E F
S(x)  0 D B E 7 5 6 4 F 9 C 2 A 1 3 8
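An added example (not code from the paper or from the INLEC designers) that works with the two tables above: it checks that the permutation and the S-box are involutions, derives the S-box's algebraic normal form (ANF) with a Möbius transform, and enumerates the S-box's valid monomial trails (u → v), which is the component table that a monomial-prediction MILP model such as the one described in the abstract encodes. Treating bit 0 of a nibble as its least significant bit is an assumption of this example.

```python
# Added example (not from the paper): algebraic properties of the INLEC
# components in Tables 2 and 3 that a monomial-prediction MILP model relies on.
# Bit 0 is taken as the least significant bit of a nibble; that ordering
# convention is an assumption of this example, not something the page states.

SBOX = [0x0, 0xD, 0xB, 0xE, 0x7, 0x5, 0x6, 0x4,
        0xF, 0x9, 0xC, 0x2, 0xA, 0x1, 0x3, 0x8]          # Table 3
PERM = [0xD, 0x8, 0x7, 0x3, 0xA, 0x5, 0xC, 0x2,
        0x1, 0xE, 0x4, 0xB, 0x6, 0x0, 0x9, 0xF]          # Table 2

def is_involution(table):
    """True if applying the table twice is the identity (INLEC is involutive)."""
    return all(table[table[x]] == x for x in range(len(table)))

def anf(truth):
    """Moebius transform: 16-entry truth table (indexed by x) -> set of
    monomials u (bitmask over x0..x3) whose ANF coefficient is 1."""
    c = list(truth)
    for i in range(4):
        for x in range(16):
            if x & (1 << i):
                c[x] ^= c[x ^ (1 << i)]
    return {u for u in range(16) if c[u]}

def monomial_trails(sbox):
    """Monomial-prediction table of a 4-bit S-box: (u, v) is a valid trail
    iff the monomial x^u appears in the ANF of y^v = prod_{j in v} y_j."""
    trails = set()
    for v in range(16):
        truth = [1 if (sbox[x] & v) == v else 0 for x in range(16)]
        trails.update((u, v) for u in anf(truth))
    return trails

def degree(sbox):
    """Algebraic degree: largest monomial weight over all single output bits."""
    return max(bin(u).count("1") for j in range(4)
               for u in anf([(sbox[x] >> j) & 1 for x in range(16)]))

if __name__ == "__main__":
    print("S-box is an involution:", is_involution(SBOX))
    print("nibble permutation is an involution:", is_involution(PERM))
    print("S-box algebraic degree:", degree(SBOX))
    print("valid S-box monomial trails (u, v):", len(monomial_trails(SBOX)))
```

The trail set is what the MILP model constrains per S-box; a trail (u, v) with v a single output bit and u of weight 3 is a cubic term, and its presence or absence decides how many rounds an integral property survives.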
References

[1] BOGDANOV A, KNUDSEN L R, LEANDER G, et al. PRESENT: An ultra-lightweight block cipher[C]. The 9th International Workshop on Cryptographic Hardware and Embedded Systems, Vienna, Austria, 2007: 450–466. doi: 10.1007/978-3-540-74735-2_31.
[2] BEAULIEU R, SHORS D, SMITH J, et al. The SIMON and SPECK lightweight block ciphers[C]. The 52nd Annual Design Automation Conference, San Francisco, United States, 2015: 175. doi: 10.1145/2744769.2747946.
[3] BEIERLE C, JEAN J, KÖLBL S, et al. The SKINNY family of block ciphers and its low-latency variant MANTIS[C]. The 36th Annual International Cryptology Conference on Advances in Cryptology, Santa Barbara, USA, 2016: 123–153. doi: 10.1007/978-3-662-53008-5.
[4] GUO Ying, LIU Wenfen, CHEN Wen, et al. ECLBC: A lightweight block cipher with error detection and correction mechanisms[J]. IEEE Internet of Things Journal, 2024, 11(12): 21727–21740. doi: 10.1109/JIOT.2024.3376527.
[5] LI Yongchao, WEI Yongzhuang, PASALIC E, et al. LLBC: A novel feistel-based low-latency block cipher for IoT applications[J]. IEEE Internet of Things Journal, 2025, 12(21): 45583–45595. doi: 10.1109/JIOT.2025.3600289.
[6] FENG Jiayi, LI Lang, YAN Liuyan, et al. INLEC: An involutive and low energy lightweight block cipher for internet of things[J]. Pervasive and Mobile Computing, 2024, 105: 101991. doi: 10.1016/j.pmcj.2024.101991.
[7] ZHONG Yue and GU Jieming. Lightweight block ciphers for resource-constrained environments: A comprehensive survey[J]. Future Generation Computer Systems, 2024, 157: 288–302. doi: 10.1016/j.future.2024.03.054.
[8] DAEMEN J, KNUDSEN L, and RIJMEN V. The block cipher square[C]. The 4th International Workshop on Fast Software Encryption, Haifa, Israel, 1997: 149–165. doi: 10.1007/BFb0052343.
[9] KNUDSEN L and WAGNER D. Integral cryptanalysis[C]. The 9th International Workshop on Fast Software Encryption, Leuven, Belgium, 2002: 112–127. doi: 10.1007/3-540-45661-9_9.
[10] TODO Y. Structural evaluation by generalized integral property[C]. The 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology, Sofia, Bulgaria, 2015: 287–314. doi: 10.1007/978-3-662-46800-5_12.
[11] TODO Y and MORII M. Bit-based division property and application to Simon family[C]. The 23rd International Conference on Fast Software Encryption, Bochum, Germany, 2016: 357–377. doi: 10.1007/978-3-662-52993-5_18.
[12] XIANG Zejun, ZHANG Wentao, BAO Zhenzhen, et al. Applying MILP method to searching integral distinguishers based on division property for 6 lightweight block ciphers[C]. The 22nd International Conference on the Theory and Application of Cryptology and Information Security on Advances in Cryptology, Hanoi, Vietnam, 2016: 648–678. doi: 10.1007/978-3-662-53887-6.
[13] HU Kai and WANG Meiqin. Automatic search for a variant of division property using three subsets[C]. The Cryptographers' Track at the RSA Conference 2019, San Francisco, USA, 2019: 412–432. doi: 10.1007/978-3-030-12612-4_21.
[14] WANG Senpeng, HU Bin, GUAN Jie, et al. MILP-aided method of searching division property using three subsets and applications[C]. The 25th International Conference on the Theory and Application of Cryptology and Information Security on Advances in Cryptology, Kobe, Japan, 2019: 398–427. doi: 10.1007/978-3-030-34618-8_14.
[15] TODO Y, ISOBE T, HAO Yonglin, et al. Cube attacks on non-blackbox polynomials based on division property[J]. IEEE Transactions on Computers, 2018, 67(12): 1720–1736. doi: 10.1109/TC.2018.2835480.
[16] HAO Yonglin, LEANDER G, MEIER W, et al. Modeling for three-subset division property without unknown subset[J]. Journal of Cryptology, 2021, 34(3): 22. doi: 10.1007/s00145-021-09383-2.
[17] HU Kai, SUN Siwei, WANG Meiqin, et al. An algebraic formulation of the division property: Revisiting degree evaluations, cube attacks, and key-independent sums[C]. The 26th International Conference on the Theory and Application of Cryptology and Information Security on Advances in Cryptology, Daejeon, South Korea, 2020: 446–476. doi: 10.1007/978-3-030-64837-4_15.
[18] HADIPOUR H and EICHLSEDER M. Integral cryptanalysis of WARP based on monomial prediction[J]. IACR Transactions on Symmetric Cryptology, 2022, 2022(2): 92–112. doi: 10.46586/tosc.v2022.i2.92-112.
[19] WANG Chen, CUI Jiamin, LI Muzhou, et al. Improved integral cryptanalysis on block cipher uBlock[J]. Journal of Electronics & Information Technology, 2024, 46(5): 2149–2158. doi: 10.11999/JEIT231231.
[20] ZENG Hengshun, LIU Ya, ZHAO Fengyu, et al. MILP-based meet-in-the-middle attack on 11-round INLEC[J]. Modeling and Simulation, 2025, 14(4): 579–592. doi: 10.12677/mos.2025.144311.
[21] FERGUSON N, KELSEY J, LUCKS S, et al. Improved cryptanalysis of Rijndael[C]. The 7th International Workshop on Fast Software Encryption, New York, USA, 2001: 213–230. doi: 10.1007/3-540-44706-7_15.
[22] GUPTA K C, PANDEY S K, and SAMANTA S. On the construction of near-MDS matrices[J]. Cryptography and Communications, 2024, 16(2): 249–283. doi: 10.1007/s12095-023-00667-x.
[23] SUN Siwei, HU Lei, WANG Peng, et al. Automatic security evaluation and (related-key) differential characteristic search: Application to SIMON, PRESENT, LBlock, DES(L) and other bit-oriented block ciphers[C]. The 20th International Conference on the Theory and Application of Cryptology and Information Security on Advances in Cryptology, Kaoshiung, China, 2014: 158–178. doi: 10.1007/978-3-662-45611-8_9.
[24] HADIPOUR H and TODO Y. Cryptanalysis of QARMAv2[J]. IACR Transactions on Symmetric Cryptology, 2024, 2024(1): 188–213. doi: 10.46586/tosc.v2024.i1.188-213.