Volume 44 Issue 9
Sep.  2022
HU Bin, ZHANG Guixian. Integral Cryptanalysis and Impossible Differential Cryptanalysis of the μ2 Algorithm[J]. Journal of Electronics & Information Technology, 2022, 44(9): 3335-3342. doi: 10.11999/JEIT210638

Integral Cryptanalysis and Impossible Differential Cryptanalysis of the μ2 Algorithm

doi: 10.11999/JEIT210638
Funds:  The National Natural Science Foundation of China (61802438)
  • Received Date: 2021-06-28
  • Accepted Date: 2022-03-10
  • Rev Recd Date: 2022-02-26
  • Available Online: 2022-03-20
  • Publish Date: 2022-09-19
  • $\mu^2$ is a lightweight block cipher designed by Yeoh et al. (doi: 10.1007/978-981-15-0058-9-27). The cipher has 15 rounds in total and adopts a Type-II generalized Feistel network. Yeoh et al. evaluated the resistance of $\mu^2$ to differential and linear cryptanalysis in the design document, but its resistance to integral attacks and impossible differential attacks is not clear. In this paper, 8/9-round integral distinguishers and a 9-round impossible differential are given. Using the 8-round integral distinguishers, 9-round $\mu^2$ is attacked with a time complexity of $2^{76}$ 9-round encryptions, a data complexity of $2^{48}$, and a memory complexity of $2^{48}$. Using the 9-round impossible differential, 11-round $\mu^2$ is attacked with a time complexity of $2^{49}$ 11-round encryptions and a data complexity of $2^{64}$ pairs of plaintexts. The results show that 9-round $\mu^2$ cannot resist the integral attack and that 11-round $\mu^2$ cannot resist impossible differential analysis. In addition, the resistance of $\mu^2$ to differential attack is reevaluated: the maximum probability of a differential characteristic of 4-round $\mu^2$ is $2^{-39}$, which is tighter than the probability $2^{-36}$ of the 4-round differential characteristic given in the design report.
  • [1] KNUDSEN L and WAGNER D. Integral cryptanalysis: Extended abstract[C]. The 9th International Workshop on Fast Software Encryption, Leuven, Belgium, 2002: 112–127.
    [2] TODO Y. Structural evaluation by generalized integral property[C]. The 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, 2015: 287–314.
    [3] TODO Y. Integral cryptanalysis on full MISTY1[C]. The 35th Annual Cryptology Conference, Santa Barbara, USA, 2015: 413–432.
    [4] TODO Y and MORII M. Bit-based division property and application to Simon family[C]. The 23rd International Conference on Fast Software Encryption, Bochum, Germany, 2016: 357–377.
    [5] XIANG Zejun, ZHANG Wentao, BAO Zhenzhen, et al. Applying MILP method to searching integral distinguishers based on division property for 6 lightweight block ciphers[C]. The 22nd International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam, 2016: 648–678.
    [6] HU Kai and WANG Meiqin. Automatic search for a variant of division property using three subsets[C]. Cryptographers’ Track at the RSA Conference, San Francisco, USA, 2019: 412–432.
    [7] WANG Senpeng, HU Bin, GUAN Jie, et al. MILP-aided method of searching division property using three subsets and applications[C]. The 25th International Conference on the Theory and Application of Cryptology and Information Security, Kobe, Japan, 2019: 398–427.
    [8] HU Kai, SUN Siwei, WANG Meiqin, et al. An algebraic formulation of the division property: Revisiting degree evaluations, cube attacks, and key-independent sums[C]. The 26th International Conference on the Theory and Application of Cryptology and Information Security, Daejeon, South Korea, 2020: 446–476.
    [9] BIHAM E and SHAMIR A. Differential Cryptanalysis of the Data Encryption Standard[M]. New York: Springer, 1993: 11–32.
    [10] MOUHA N, WANG Qingju, GU Dawu, et al. Differential and linear cryptanalysis using mixed-integer linear programming[C]. The 7th International Conference on Information Security and Cryptology, Beijing, China, 2012: 57–76. doi: 10.1007/978-3-642-34704-7_5
    [11] WU Shengbao and WANG Mingsheng. Security evaluation against differential cryptanalysis for block cipher structures[EB/OL]. https://eprint.iacr.org/2011/551.pdf, 2011.
    [12] SUN Siwei, HU Lei, WANG Peng, et al. Automatic security evaluation and (related-key) differential characteristic search: Application to SIMON, PRESENT, LBlock, DES(L) and other bit-oriented block ciphers[C]. The 20th International Conference on the Theory and Application of Cryptology and Information Security, Kaohsiung, China, 2014: 158–178.
    [13] SUN Siwei, HU Lei, WANG Meiqin, et al. Towards finding the best characteristics of some bit-oriented block ciphers and automatic enumeration of (related-key) differential and linear characteristics with predefined properties[EB/OL]. https://eprint.iacr.org/2014/747.pdf, 2014.
    [14] SASAKI Y and TODO Y. New algorithm for modeling s-box in MILP based differential and division trail search[C]. The 10th International Conference for Information Technology and Communications, Bucharest, Romania, 2017: 150–165.
    [15] ZHOU Chunning, ZHANG Wentao, DING Tianyou, et al. Improving the MILP-based security evaluation algorithm against differential/linear cryptanalysis using a divide-and-conquer approach[EB/OL]. https://eprint.iacr.org/2019/019.pdf, 2019.
    [16] BOURA C and COGGIA D. Efficient MILP modelings for sboxes and linear layers of SPN ciphers[J]. IACR Transactions on Symmetric Cryptology, 2020, 2020(3): 327–361. doi: 10.13154/tosc.v2020.i3.327-361
    [17] BIHAM E, BIRYUKOV A, and SHAMIR A. Cryptanalysis of skipjack reduced to 31 rounds using impossible differentials[J]. Journal of Cryptology, 2005, 18(4): 291–311. doi: 10.1007/s00145-005-0129-3
    [18] KNUDSEN L R. DEAL-A 128-bit block cipher[EB/OL]. https://www.researchgate.net/publication/2452654_DEAL_-_A_128-bit_Block_Cipher, 2014.
    [19] YEOH W Z, TEH J S, and SAZALI M I S B M. µ2: A lightweight block cipher[C]. The 6th Computational Science and Technology, Kota Kinabalu, Malaysia, 2019: 281–290.
    Figures(5)  / Tables(3)
