Related-Key Zero-Correlation Linear Attacks on Block Ciphers with Linear Key Schedules

ZHANG Yi; ZHANG Kai; CUI Ting

doi:10.23919/cje.2022.00.419

Volume 33 Issue 3

May 2024

Turn off MathJax

Article Contents

Article Navigation > Chinese Journal of Electronics > 2024 > 33(3): 672-682

Yi ZHANG, Kai ZHANG, and Ting CUI, “Related-Key Zero-Correlation Linear Attacks on Block Ciphers with Linear Key Schedules,” Chinese Journal of Electronics, vol. 33, no. 3, pp. 672–682, 2024 doi: 10.23919/cje.2022.00.419

Citation:

Yi ZHANG, Kai ZHANG, and Ting CUI, “Related-Key Zero-Correlation Linear Attacks on Block Ciphers with Linear Key Schedules,” Chinese Journal of Electronics, vol. 33, no. 3, pp. 672–682, 2024 doi: 10.23919/cje.2022.00.419

Citation:

PDF( 6031 KB)

Related-Key Zero-Correlation Linear Attacks on Block Ciphers with Linear Key Schedules

doi: 10.23919/cje.2022.00.419

1.
PLA SSF Information Engineering University, Zhengzhou 450000, China

More Information

Author Bio:
Yi ZHANG received the B.S. degree in cryptology from PLA SSF Information Engineering University, Zhengzhou, China, in 2016. He is currently studing for the M.S. degree in the Department of Applied Mathematics, PLA SSF Information Engineering University, Zhengzhou, China. His current research interests include block cipher design and cryptanalysis. (Email: yizhang0796@foxmail.com)

Kai ZHANG received the Ph.D. degree in cryptology from the Information Science and Technology Institute, Zhengzhou, China, in 2016. His main research interests include design and analysis of symmetric ciphers. His works have been published in several refereed journals and he has been serving as a referee for several famous international journals in the area of information security and cryptology. (Email: zhkai2010@139.com)

Ting CUI is currently a Professor at the Department of Applied Mathematics, PLA SSF Information Engineering University, China. His current research interests include cryptography and cyberspace security. His works have been published in several refereed journals and he has been serving as a referee for several famous international journals in the area of information security and cryptology. (Email: cuiting_1209@hotmail.com)
Corresponding author: Email: cuiting_1209@hotmail.com
Received Date: 2022-12-07
Accepted Date: 2023-03-13

Available Online: 2023-07-17

Publish Date: 2024-05-05

Abstract

Abstract

Related-key model is a favourable approach to improve attacks on block ciphers with a simple key schedule. However, to the best of our knowledge, there are a few results in which zero-correlation linear attacks take advantage of the related-key model. We ascribe this phenomenon to the lack of consideration of the key input in zero-correlation linear attacks. Concentrating on the linear key schedule of a block cipher, we generalize the zero-correlation linear attack by using a related-key setting. Specifically, we propose the creation of generalized linear hulls (GLHs) when the key input is involved; moreover, we indicate the links between GLHs and conventional linear hulls (CLHs). Then, we prove that the existence of zero-correlation GLHs is completely determined by the corresponding CLHs and the linear key schedule. In addition, we introduce a method to construct zero-correlation GLHs by CLHs and transform them into an integral distinguisher. The correctness is verified by applying it to SIMON16/16, a SIMON-like toy cipher. Based on our method, we find 12/13/14/15/15/17/20/22-round related-key zero-correlation linear distinguishers of SIMON32/64, SIMON48/72, SIMON48/96, SIMON64/96, SIMON64/128, SIMON96/144, SIMON128/192 and SIMON128/256, respectively. As far as we know, these distinguishers are one, two, or three rounds longer than current best zero-correlation linear distinguishers of SIMON.
- Zero-correlation linear attack,
- Related-key model,
- Linear key schedule,
- Block cipher,
- SIMON

FullText(HTML)

References(25)

References

[1]	L. R. Knudsen, “Cryptanalysis of loki 91,” in Proceedings of International Workshop on the Theory and Application of Cryptographic Techniques, Queensland, Australia, pp.196–208, 1992.
[2]	E. Biham, “New types of cryptanalytic attacks using related keys,” Journal of Cryptology, vol. 7, no. 4, pp. 229–246, 1994. doi: 10.1007/BF00203965
[3]	A. Bogdanov, C. Boura, V. Rijmen, et al., “Key difference invariant bias in block ciphers,” in Proceedings of the 19th International Conference on the Theory and Application of Cryptology and Information Security, Bengaluru, India, pp.357–376, 2013.
[4]	J. K. Lee, B. Koo, and W. H. Kim, “A general framework for the related-key linear attack against block ciphers with linear key schedules,” in Proceedings of the 26th International Conference on Selected Areas in Cryptography, Waterloo, ON, Canada, pp.194–224, 2019.
[5]	W. Q. Cao and W. T. Zhang, “Multidimensional linear cryptanalysis with key difference invariant bias for block ciphers,” Cybersecurity, vol. 4, no. 1, article no. 32, 2021. doi: 10.1186/s42400-021-00096-4
[6]	A. Bogdanov and V. Rijmen, “Linear hulls with correlation zero and linear cryptanalysis of block ciphers,” Designs, Codes and Cryptography, vol. 70, no. 3, pp. 369–383, 2014. doi: 10.1007/s10623-012-9697-z
[7]	M. Hermelin, J. Y. Cho, and K. Nyberg, “Multidimensional linear cryptanalysis,” Journal of Cryptology, vol. 32, no. 1, pp. 1–34, 2019. doi: 10.1007/s00145-018-9308-x
[8]	A. Bogdanov, G. Leander, K. Nyberg, et al., “Integral and multidimensional linear distinguishers with correlation zero,” in Proceedings of the 18th International Conference on the Theory and Application of Cryptology and Information Security, Beijing, China, pp.244–261, 2012.
[9]	R. Ankele, C. Dobraunig, J. Guo, et al., “Zero-correlation attacks on tweakable block ciphers with linear tweakey expansion,” IACR Transactions on Symmetric Cryptology, vol. 2019, no. 1, pp. 192–235, 2019. doi: 10.13154/tosc.v2019.i1.192-235
[10]	C. Niu, M. Z. Li, S. W. Sun, et al., “Zero-correlation linear cryptanalysis with equal treatment for plaintexts and tweakeys,” in Proceedings of Cryptographers’ Track at the RSA Conference, Virtual Event, pp.126–147, 2021.
[11]	R. Beaulieu, D. Shors, J. Smith, et al., “The simon and speck families of lightweight block ciphers,” Cryptology ePrint Archive, in press, 2013.
[12]	M. Matsui, “On correlation between the order of S-boxes and the strength of DES,” in Proceedings of Workshop on the Theory and Application of of Cryptographic Techniques, Perugia, Italy, pp.366–375, 1994.
[13]	Z. B. Liu, Y. Q. Li, L. Jiao, et al., “On the upper bound of squared correlation of simon-like functions and its applications,” IET Information Security, vol. 16, no. 3, pp. 220–234, 2022. doi: 10.1049/ise2.12057
[14]	Z. B. Liu, Y. Q. Li, and M. S. Wang, “Optimal differential trails in SIMON-like ciphers,” IACR Transactions on Symmetric Cryptology, vol. 2017, no. 1, pp. 358–379, 2017. doi: 10.13154/tosc.v2017.i1.358-379
[15]	Y. Todo and M. Morii, “Bit-based division property and application to SIMON family,” in Proceedings of the 23rd International Conference on Fast Software Encryption, Bochum, Germany, pp.357–377, 2016.
[16]	Z. J. Xiang, W. T. Zhang, Z. Z. Bao, et al., “Applying MILP method to searching integral distinguishers based on division property for 6 lightweight block ciphers,” in Proceedings of the 22nd International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam, pp.648–678, 2016.
[17]	S. P. Wang, B. Hu, J. Guan, et al., “Exploring secret keys in searching integral distinguishers based on division property,” IACR Transactions on Symmetric Cryptology, vol. 2020, no. 3, pp. 288–304, 2020. doi: 10.13154/tosc.v2020.i3.288-304
[18]	L. Sun, K. Fu, and M. Q. Wang, “Improved zero-correlation cryptanalysis on SIMON,” in Proceedings of the 11th International Conference on Information Security and Cryptology, Beijing, China, pp.125–143, 2015.
[19]	X. L. Yu, W. L. Wu, Z. Q. Shi, et al., “Zero-correlation linear cryptanalysis of reduced-round SIMON,” Journal of Computer Science and Technology, vol. 30, no. 6, pp. 1358–1369, 2015. doi: 10.1007/s11390-015-1603-5
[20]	Q. J. Wang, Z. Q. Liu, K. Varıcı, et al., “Cryptanalysis of reduced-round SIMON32 and SIMON48,” in Proceedings of the 15th International Conference on Cryptology in India, New Delhi, India, pp.143–160, 2014.
[21]	K. Nyberg, “Correlation theorems in cryptanalysis,” Discrete Applied Mathematics, vol. 111, no. 1-2, pp. 177–188, 2001. doi: 10.1016/S0166-218X(00)00351-6
[22]	M. Matsui, “The first experimental cryptanalysis of the data encryption standard,” in Proceedings of the 14th Annual International Cryptology Conference, Santa Barbara, CA, USA, pp.1–11, 1994.
[23]	T. Kranz, G. Leander, and F. Wiemer, “Linear cryptanalysis: Key schedules and tweakable block ciphers,” IACR Transactions on Symmetric Cryptology, vol. 2017, no. 1, pp. 474–505, 2017. doi: 10.13154/tosc.v2017.i1.474-505
[24]	B. Sun, Z. Q. Liu, V. Rijmen, et al., “Links among impossible differential, integral and zero correlation linear cryptanalysis,” in Proceedings of the 35th Annual Cryptology Conference, Santa Barbara, CA, USA, pp.95–115, 2015.
[25]	E. Biham, “On Matsui’s linear cryptanalysis,” in Proceedings of Workshop on the Theory and Application of Cryptographic Techniques, Perugia, Italy, pp.341–355, 1994.