Abstract
In this work, we focus on LS-design ciphers Fantomas, Robin, and iSCREAM. LS-designs are a family of bitslice ciphers aimed at efficient masked implementations against side-channel analysis. We have analyzed Fantomas and Robin with a technique that previously has not been applied to both algorithms or linear cryptanalysis. The idea behind linear cryptanalysis is to build a linear characteristic that describes the relation between plaintext and ciphertext bits. Such a relationship should hold with probability 0.5 (bias is zero) for a secure cipher. Therefore, we try to find a linear characteristic between plaintext and ciphertext where bias is not equal to zero. This non-random behavior of cipher could be converted to some key-recovery attack. For Fantomas and Robin, we find 5 and 7-round linear characteristics. Using these characteristics, we attack both the ciphers with reduced rounds and recover the key for the same number of rounds. We also apply linear cryptanalysis to the famous CAESAR candidate iSCREAM and the closely related LS-design Robin. For iScream, we apply linear cryptanalysis to the round-reduced cipher and find a 7-round best linear characteristics. Based on those linear characteristics we extend the path in the related-key scenario for a higher number of rounds.
Highlights
Block ciphers are one of the essential cryptographic primitives
We focus on linear cryptanalysis of round-reduced block ciphers: Fantomas, Robin, and iSCREAM
LS-design [3] ciphers Fantomas and Robin belong to the family of bitslice ciphers proposed by Grosso et al at FSE 2014
Summary
Block ciphers are one of the essential cryptographic primitives. Our understanding of building secure block ciphers has greatly improved in the last 20 years. We already have well-understood methods in analyzing block ciphers with a possibly wide range of cryptanalytic tools and techniques including linear and differential attacks and their variants. Linear cryptanalysis is one of the powerful cryptanalytic techniques since its introduction by Matsui [1]. It is one of the major statistical attacks on block ciphers. We focus on linear cryptanalysis of round-reduced block ciphers: Fantomas, Robin, and iSCREAM. Using these approximations, we build the 5- and 7-round key-recovery attack for Fantomas and Robin, respectively. We build 7-round linear characteristics for iSCREAM and based on those linear characteristics we extend the path in the related-key scenario for a greater number of rounds
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
