Differential Analysis and Meet-in-the-Middle Attack against Round-Reduced TWINE

Biryukov, Alex; Derbez, Patrick; Perrin, Léo Paul

Reference : Differential Analysis and Meet-in-the-Middle Attack against Round-Reduced TWINE


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	To cite this reference:	http://hdl.handle.net/10993/20038

Title :	Differential Analysis and Meet-in-the-Middle Attack against Round-Reduced TWINE
Language :	English
Author, co-author :	Biryukov, Alex [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
	Derbez, Patrick [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Perrin, Léo Paul [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Publication date :	Mar-2015
Main document title :	Fast Software Encryption - 22nd International Workshop, FSE 2015, Istanbul, March 8-11, 2015
Editor :	Leander, Gregor
Publisher :	Springer-Verlag
Collection and collection volume :	Security and Cryptology, 9054
Pages :	3-27
Peer reviewed :	Yes
Audience :	International
ISBN :	978-3-662-48116-5
City :	Berlin
Country :	Germany
Event name :	22nd International Workshop on Fast Software Encryption
Event date :	from 08-03-2015 to 11-03-2015.
Keywords :	[en] TWINE ; LBlock ; Meet-in-the-Middle Attack ; Tuncated Differential Cryptanalysis
Abstract :	[en] TWINE is a recent lightweight block cipher based on a Feistel structure. We first present two new attacks on TWINE-128 reduced to 25 rounds that have a slightly higher overall complexity than the 25-round attack presented by Wang and Wu at ACISP 2014, but a lower data complexity. Then, we introduce alternative representations of both the round function of this block cipher and of a sequence of 4 rounds. LBlock, another lightweight block cipher, turns out to exhibit the same behaviour. Then, we illustrate how this alternative representation can shed new light on the security of TWINE by deriving high probability iterated truncated differential trails covering 4 rounds with probability $2^{-16}$. The importance of these is shown by combining different truncated differential trails to attack 23-rounds TWINE-128 and by giving a tighter lower bound on the high probability of some differentials by clustering differential characteristics following one of these truncated trails. A comparison between these high probability differentials and those recently found in a variant of LBlock by Leurent highlights the importance of considering the whole distribution of the coefficients in the difference distribution table of a S-Box and not only their maximum value.
Funders :	Fonds National de la Recherche - FnR
Name of the research project :	I2R-DIR-PFN-12ACRY > CORE 2012 C12/IS/4009992 ACRYPT - APllied Cryptography for I > 01/07/2013 - 30/06/2016 > BIRYUKOV Alex
Permalink :	http://hdl.handle.net/10993/20038

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Limited access	twine.pdf		Author preprint	702.89 kB	Request a copy

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices