DIFFERENTIAL CRYPTANALYSIS OF THE LIGHTWEIGHT BLOCK CIPHER CYPRESS-256

Mariia Rodinko,Khalicha Yubuzova,Roman Oliynykov

doi:10.47839/ijc.19.2.1771

Abstract

This paper presents the results of differential cryptanalysis of the lightweight block cipher Cypress-256. The method for searching multi-round differential characteristic of the block cipher Cypress-256 is proposed. The searching assumes 1) building a big set of one-round differential characteristics and search for possible combinations of one-round characteristics into multi-round ones; 2) extending one-round differential characteristics with the probability up to certain threshold into multi-round characteristics. The following experiments show that the most probable one-round differential characteristics have input differences with 4-6 active bits which are distributed between different words. Besides that, high-probable one-round differential characteristics, which output differences have a small Hamming weight, cannot be extended to build high-probable multi-round differential characteristics. Due to application of the method assuming extension of one-round differential characteristics into multi-round ones, the differential characteristic up to 6 rounds was built, so 10-round block cipher Cypress-256 is resistant to differential cryptanalysis according to the requirements of practical criterion.

Highlights

Symmetric primitives include block [1, 2] and stream ciphers [3, 4], hash-functions, etc
In this paper we present methods for searching of multi-round differential characteristics of Cypress256 based on several assumptions
Our research shows that the block cipher Cypress-256 is resistant to differential cryptanalysis

Summary

INTRODUCTION

Symmetric primitives include block [1, 2] and stream ciphers [3, 4], hash-functions, etc. The post quantum lightweight block cipher Cypress was developed in Ukraine [8]. Cypress provides both fast encryption speed and high level of cryptographic strength by operating 256- and 512-bit blocks and keys. Cypress is based on Feistel network with ARX round function. ARX-transformation becomes very popular while developing lightweight cryptographic primitives due to the simplicity of its operations (addition, rotation and XOR). The previous papers devoted to Cypress analysis include the evaluation of cipher performance and avalanche properties [8] along with methods of searching for high-probable one-round differential characteristics of Cypress-256 [14]. In this paper we present methods for searching of multi-round differential characteristics of Cypress256 based on several assumptions. The round function is the ARX-transformation that contains eight additions modulo 232, eight additions modulo 2 and eight rotations

METHODS

BASIC ASSUMPTIONS CONCERNING THE DIFFERENTIAL CRYPTANALYSIS

SEARCHING FOR HIGH-PROBABLE MULTI-ROUND DIFFERENTIAL

CONCLUSION