Impossible Differential Cryptanalysis on Lai-Massey Scheme

  • Guo, Rui (Department of Information Security, the School of Information Science and Technology Institute) ;
  • Jin, Chenhui (Department of Information Security, the School of Information Science and Technology Institute)
  • Received : 2013.12.24
  • Accepted : 2014.07.23
  • Published : 2014.12.01

Abstract

The Lai-Massey scheme, as proposed by Vaudenay, is a modified form of the structure used in the International Data Encryption Algorithm (IDEA) cipher. The FOX family of block ciphers was built on the Lai-Massey scheme. Impossible differential cryptanalysis is a powerful technique for recovering the secret key of a block cipher. This paper studies, for the first time, impossible differential cryptanalysis of the Lai-Massey scheme with an affine orthomorphism. First, we prove that 4-round impossible differentials always exist for a Lai-Massey cipher whose F-function is bijective; such 4-round impossible differentials can be used to find 4-round impossible differentials of FOX64 and FOX128. Moreover, we give sufficient conditions characterizing the existence of 5-, 6-, and 7-round impossible differentials of Lai-Massey ciphers with a substitution-permutation (SP) F-function, and we observe that if a Lai-Massey cipher with an SP F-function uses the same diffusion layer and orthomorphism as FOX64, then 5- and 6-round impossible differentials do exist. These results indicate that both the diffusion layer and the orthomorphism should be chosen carefully to make a Lai-Massey cipher secure against impossible differential cryptanalysis.
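As an added illustration (not code from the paper), the following toy Lai-Massey cipher uses a FOX-style affine orthomorphism and a bijective keyed F-function, and checks exhaustively that the input difference (α, α) never produces the output difference (σ(β), β) with β = σ(σ(α) ⊕ α) after four rounds. That specific output difference is one derived here for the toy from the orthomorphism property (σ and σ ⊕ id are both permutations) and the linearity of σ; it is an assumption, not necessarily the differential given in the paper. The S-box, round keys and half size are constructed for illustration only.

```python
import random

# Toy Lai-Massey cipher: 16-bit block, two 8-bit halves, four rounds.
# Constructed parameters for illustration only (not FOX's real S-box or keys).
ROUND_KEYS = [0x3A, 0x5C, 0x91, 0xE7]
SBOX = list(range(256))
random.Random(2014).shuffle(SBOX)            # a random bijective 8-bit F-core

def sigma(x):
    """FOX-style affine orthomorphism on an 8-bit half: (a||b) -> (b || a^b)."""
    a, b = x >> 4, x & 0xF
    return (b << 4) | (a ^ b)

def is_orthomorphism(perm, n=256):
    """perm is an orthomorphism iff both perm and perm^id are permutations."""
    return len({perm(x) for x in range(n)}) == n and \
           len({perm(x) ^ x for x in range(n)}) == n

def encrypt(block, rounds=4):
    """Lai-Massey round: (L,R) -> (sigma(L^F(L^R)), R^F(L^R)), F bijective."""
    l, r = block >> 8, block & 0xFF
    for k in ROUND_KEYS[:rounds]:
        f = SBOX[(l ^ r) ^ k]                # keyed bijective F-function
        l, r = sigma(l ^ f), r ^ f
    return (l << 8) | r

def impossible_output_diff(alpha):
    """Output difference (sigma(beta), beta) with beta = sigma(sigma(alpha)^alpha).
    Reaching it from input difference (alpha, alpha) in 4 rounds would force the
    round-2 F-output difference to be zero although its input difference is not,
    which a bijective F cannot do (miss-in-the-middle after rounds 2 and 3)."""
    beta = sigma(sigma(alpha) ^ alpha)
    return (sigma(beta) << 8) | beta

def count_output_diff(alpha, target, rounds=4):
    """Encrypt every pair with input difference (alpha, alpha) and return
    (pairs whose output difference equals target, distinct output differences)."""
    in_diff = (alpha << 8) | alpha
    hits, seen = 0, set()
    for p in range(1 << 16):
        d = encrypt(p, rounds) ^ encrypt(p ^ in_diff, rounds)
        hits += d == target
        seen.add(d)
    return hits, len(seen)

if __name__ == "__main__":
    assert is_orthomorphism(sigma)
    a = 0x01
    one_round = count_output_diff(a, (sigma(a) << 8) | a, rounds=1)
    print("1-round (a,a)->(sigma(a),a) pairs:", one_round[0], "of", 1 << 16)
    hits, distinct = count_output_diff(a, impossible_output_diff(a))
    print("4-round hits on the impossible difference:", hits, "among", distinct, "output diffs")
```

The one-round count confirms the probability-1 differential (α, α) → (σ(α), α) that the miss-in-the-middle argument starts from; the four-round count of zero, against many other output differences that do occur, is the impossible differential.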

Cited by

  1. Improved Results of Impossible Differential Cryptanalysis on Reduced FOX vol.59, pp.4, 2014, https://doi.org/10.1093/comjnl/bxv073