WANG Caibing, GUO Hao, YE Dingfeng, WANG Ping. Statistical Model on CRAFT[J]. Chinese Journal of Electronics. doi: 10.1049/cje.2021.00.092

# Statistical Model on CRAFT

##### doi: 10.1049/cje.2021.00.092
Funds: This work is supported by the National Key R&D Program of China (No. 2018YFA0704704), the Natural Science Foundation of China (NSFC) (No. 61772519), and the Chinese Major Program of National Cryptography Development Foundation (No. MMJJ20180102).
• Author Bio:

WANG Caibing (corresponding author) is a Ph.D. candidate at the Institute of Information Engineering, University of Chinese Academy of Sciences. Her research interest focuses on symmetric cryptanalysis and design. (Email: wangcaibing@iie.ac.cn)

GUO Hao is a Ph.D. candidate at the Institute of Information Engineering, University of Chinese Academy of Sciences. His research interest focuses on symmetric cryptanalysis and design. (Email: guohao@iie.ac.cn)

YE Dingfeng received the Ph.D. degree in mathematics from Chinese Academy of Sciences in 1996. He is a professor at the Institute of Information Engineering, University of Chinese Academy of Sciences. His research interests include basic theory of applications of pseudorandom sequences and arrays, analysis of cryptographic algorithms and theoretical cryptography. (Email: yedingfeng@iie.ac.cn)

WANG Ping is a senior engineer at Tianjin Aerospace Zhongwei Data System Technology Co., Ltd. His research interests include communication and remote sensing. (Email: 2231961836@qq.com)

• Received Date: 2021-03-14
• Accepted Date: 2021-05-17
• Available Online: 2021-08-20
• Many cryptanalytic techniques for symmetric-key primitives rely on specific statistical analysis to extract some secret key information from a large number of known or chosen plaintext-ciphertext pairs. For example, there is a standard statistical model for differential cryptanalysis that determines the success probability and complexity of the attack given some predefined configurations of the attack. In this work, we investigate the differential attack proposed by Guo et al. at Fast Software Encryption Conference 2020 and find that in this attack, the statistical behavior of the counters for key candidates deviates from the standard scenario: both the correct key ${\boldsymbol{k}}$ and ${\boldsymbol{k \oplus XXX}}$ are expected to receive the largest number of votes. Based on this bimodal behavior, we give three different statistical models for the truncated differential distinguisher on CRAFT (a cryptographic algorithm proposed by Beierle et al. in IACR Transactions on Symmetric Cryptology in 2019) that account for bimodal phenomena. Then, we provide formulas for the success probability and data complexity of the different models under the condition of a fixed threshold value. We also verify the validity of our models for bimodal phenomena by experiments on round-reduced versions of the distinguishers on CRAFT. We find that the theoretical and experimental success probabilities are close when we fix the data complexity and threshold value. Finally, we compare the three models using the mathematical tool Matlab and conclude that Model 3 has better performance.
[1] Biham Eli and Adi Shamir, “Differential cryptanalysis of DES-like cryptosystems”, Journal of Cryptology, Vol.4, No.1, pp.3–72, 1991.

[2] Matsui Mitsuru, “Linear cryptanalysis method for DES cipher”, in Workshop on the Theory and Application of Cryptographic Techniques, Springer, pp.386–397, 1993.

[3] Biham Eli, “New types of cryptanalytic attacks using related keys”, Journal of Cryptology, Vol.7, No.4, pp.229–246, 1994.

[4] David Wagner, “The boomerang attack”, in International Workshop on Fast Software Encryption, Springer, Berlin, Heidelberg, pp.156–170, 1999.

[5] Biham Eli, Alex Biryukov and Adi Shamir, “Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials”, in International Conference on the Theory and Applications of Cryptographic Techniques, Springer, Berlin, Heidelberg, pp.12–23, 1999.

[6] Lars R. Knudsen, “Truncated and higher order differentials”, in International Workshop on Fast Software Encryption, Springer, Berlin, Heidelberg, pp.196–211, 1994.

[7] Blondeau Céline and Benoît Gérard, “Multiple differential cryptanalysis: Theory and practice”, in International Workshop on Fast Software Encryption, Springer, Berlin, Heidelberg, pp.35–54, 2011.

[8] Blondeau Céline, Benoît Gérard and Kaisa Nyberg, “Multiple differential cryptanalysis using LLR and $\chi^2$ statistics”, in International Conference on Security and Cryptography for Networks, Springer, pp.343–360, 2012.

[9] Biryukov Alex, Christophe De Canniere and Michaël Quisquater, “On multiple linear approximations”, in Annual International Cryptology Conference, Springer, pp.1–22, 2004.

[10] Hermelin Miia, Joo Yeon Cho and Kaisa Nyberg, “Multidimensional linear cryptanalysis of reduced round Serpent”, in Australasian Conference on Information Security and Privacy, Springer, Berlin, Heidelberg, pp.203–215, 2008.

[11] Hermelin Miia, Joo Yeon Cho and Kaisa Nyberg, “A new technique for multidimensional linear cryptanalysis with applications on reduced round Serpent”, in Pil Joong Lee and Jung Hee Cheon, ed., Information Security and Cryptology - ICISC 2008, Springer, Vol.5461 of LNCS, pp.383–398, 2009.

[12] Hermelin Miia, Joo Yeon Cho and Kaisa Nyberg, “Multidimensional extension of Matsui’s algorithm 2”, in International Workshop on Fast Software Encryption, Springer, Berlin, Heidelberg, pp.209–227, 2009.

[13] Ali Aydın Selçuk, “On probability of success in linear and differential cryptanalysis”, Journal of Cryptology, Vol.21, No.1, pp.131–147, 2008.

[14] Daemen Joan and Vincent Rijmen, “Probability distributions of correlation and differentials in block ciphers”, Journal of Cryptology, Vol.1, No.3, pp.221–242, 2007.

[15] Céline Blondeau and Benoît Gérard, “Links between theoretical and effective differential probabilities: Experiments on PRESENT”, IACR Cryptol. ePrint Arch., Vol.2010, Article No.261, 2010.

[16] Céline Blondeau, Benoît Gérard and Jean-Pierre Tillich, “Accurate estimates of the data complexity and success probability for various cryptanalyses”, Designs, Codes and Cryptography, Vol.59, No.1-3, pp.3–34, 2011.

[17] Guo Hao, Sun Siwei, Shi Danping, et al., “Differential attacks on CRAFT exploiting the involutory S-boxes and tweak additions”, IACR Transactions on Symmetric Cryptology, Vol.2020, No.3, pp.119–151, 2020.

[18] Harpes Carlo, Gerhard G. Kramer and James L. Massey, “A generalization of linear cryptanalysis and the applicability of Matsui’s piling-up lemma”, in International Conference on the Theory and Applications of Cryptographic Techniques, Springer, pp.24–38, 1995.

[19] Flórez-Gutiérrez Antonio and María Naya-Plasencia, “Improving key-recovery in linear attacks: Application to 28-round PRESENT”, in Proceedings of 39th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, Lecture Notes in Computer Science, Springer, Vol.12105, DOI: 10.1007/978-3-030-45721-1_9, 2020.

[20] Beierle C, Leander G, Moradi A, et al., “CRAFT: Lightweight tweakable block cipher with efficient protection against DFA attacks”, IACR Transactions on Symmetric Cryptology, Vol.2019, No.1, pp.5–45, 2019.

[21] Sun Siwei, Hu Lei, Wang Peng, et al., “Automatic security evaluation and (related-key) differential characteristic search: Application to SIMON, PRESENT, LBlock, DES (L) and other bit-oriented block ciphers”, in Advances in Cryptology - ASIACRYPT 2014 - Proceedings of the 20th International Conference on the Theory and Application of Cryptology and Information Security, Part I, Springer, pp.158–178, DOI: 10.1007/978-3-662-45611-8_9, 2014.

[22] Mouha N, Wang Q, Gu D, et al., “Differential and linear cryptanalysis using mixed-integer linear programming”, in International Conference on Information Security and Cryptology, Springer, pp.57–76, 2011.

[23] Sun Siwei, Hu Lei, Wang Meiqin, et al., “Automatic enumeration of (related-key) differential and linear characteristics with predefined properties and its applications”, IACR Cryptol. ePrint Arch., Citeseer, Vol.2014, https://eprint.iacr.org/2014/747, 2014.

[24] Seijas-Macías Antonio and Amílcar Oliveira, “An approach to distribution of the product of two normal variables”, Discussiones Mathematicae Probability and Statistics, Vol.32, No.1-2, pp.87–99, 2012.

[25] Adelchi Azzalini, “A class of distributions which includes the normal ones”, Scandinavian Journal of Statistics, Vol.12, No.2, pp.171–178, 1986.

[26] Nadarajah Saralees and Samuel Kotz, “Exact distribution of the max/min of two Gaussian random variables”, IEEE Trans. on Very Large Scale Integration (VLSI) Systems, Vol.16, No.2, pp.210–212, 2008.

[27] S. Banik, A. Bogdanov, T. Isobe, et al., “Midori: A block cipher for low energy”, International Conference on the Theory and Application of Cryptology and Information Security, Springer, pp.411–436, 2015.

[28] Hadipour Hosein, et al., “Comprehensive security analysis of CRAFT”, IACR Trans. Symmetric Cryptol., Vol.2019, No.4, pp.290–317, 2019.

[29] Muhammad ElSheikh and Amr M. Youssef, “Related-key differential cryptanalysis of full round CRAFT”, in Proceedings of Security, Privacy, and Applied Cryptography Engineering - 9th International Conference, SPACE 2019, pp.50–66, DOI: 10.1007/978-3-030-35869-3_6, 2019.

Figures(8)  / Tables(5)
