Abstract

In this paper we present the first multidimensional linear attack on $\text{PRINCE}_{core}$, which uses an identical round-key for each round. Traditional one-dimensional and multidimensional linear cryptanalysis rest on the independent-key assumption, so they cannot be evaluated accurately for ciphers with an identical round-key. In this paper we propose a new classification technique to overcome this obstacle. In our new technique, we classify the linear trails into different subsets indexed by the XOR sum of their trail masks, deal with their correlations in each subset, and get the accurate capacity for our target linear approximation. By this technique, we build an 8-round multidimensional linear distinguisher with capacity of $2^{-57.99}$, and exhibit a key-recovery attack on 9 out of 12 rounds of $\text{PRINCE}_{core}$. This attack requires a data complexity of $2^{63.84}$ known plaintexts and time complexity of $2^{60}$ encryptions. We also present a key-recovery attack on 10-round $\text{PRINCE}_{core}$ with data complexity of $2^{63.84}$ known plaintexts and time complexity of $2^{75.68}$ encryptions.
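The classification idea can be checked exhaustively on a toy cipher. The following is an added example, not code from the paper: it assumes a hypothetical 3-round, 4-bit cipher `x -> S(x ^ k)` with the same key in every round and an arbitrary sample S-box, groups all linear trails by the XOR sum of their key-addition masks, and shows that the per-class sums reproduce the exact correlation for every key.

```python
from collections import defaultdict
from itertools import product

# Arbitrary 4-bit permutation used as a sample S-box (assumption, not PRINCE's).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
ROUNDS = 3  # toy cipher: x -> S(x ^ k), repeated with the same k each round

def dot(a, b):
    """Inner product of two 4-bit masks over GF(2)."""
    return bin(a & b).count("1") & 1

# CORR[u][v] = correlation of u.x ^ v.S(x) over all 16 inputs.
CORR = [[sum((-1) ** (dot(u, x) ^ dot(v, SBOX[x])) for x in range(16)) / 16
         for v in range(16)] for u in range(16)]

def encrypt(x, k):
    for _ in range(ROUNDS):
        x = SBOX[x ^ k]
    return x

def measured_correlation(a, b, k):
    """Exact correlation of a.x ^ b.E_k(x), computed from the full codebook."""
    return sum((-1) ** (dot(a, x) ^ dot(b, encrypt(x, k))) for x in range(16)) / 16

def classify_trails(a, b):
    """Map XOR sum of key-addition masks -> summed key-independent trail correlation."""
    classes = defaultdict(float)
    for inner in product(range(16), repeat=ROUNDS - 1):
        masks = (a, *inner, b)
        c, g = 1.0, 0
        for i in range(ROUNDS):
            c *= CORR[masks[i]][masks[i + 1]]
            g ^= masks[i]          # mask that meets the round key in round i
        if c:
            classes[g] += c        # same g => same sign (-1)^(g.k) for every key
    return dict(classes)

def predicted_correlation(classes, k):
    """With an identical round key, each class contributes with sign (-1)^(g.k)."""
    return sum((-1) ** dot(g, k) * c for g, c in classes.items())

if __name__ == "__main__":
    classes = classify_trails(0x3, 0x5)
    for k in range(16):
        print(k, predicted_correlation(classes, k), measured_correlation(0x3, 0x5, k))
```

Trails in the same class never cancel or reinforce differently across keys, which is why their correlations can be summed once per class instead of being treated as independent.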
