Abstract

Integral cryptanalysis based on division property is a powerful cryptanalytic method whose range of successful applications was recently extended through the use of Mixed-Integer Linear Programming (MILP). Although this technique was demonstrated to be efficient in specifying distinguishers of reduced round versions of several families of lightweight block ciphers (such as SIMON, PRESENT, and few others), we show that this method provides distinguishers for a full-round block cipher SAT_Jo. SAT_Jo cipher is very similar to the well-known PRESENT block cipher, which has successfully withstood the known cryptanalytic methods. The main difference compared to PRESENT, which turns out to induce severe weaknesses of SAT_Jo algorithm, is its different choice of substitution boxes (S-boxes) and the bit-permutation layer for the reasons of making the cipher highly resource-efficient. Even though the designers provided a security analysis of this scheme against some major generic cryptanalytic methods, an application of the bit-division property in combination with MILP was not considered. By specifying integral distinguishers for the full-round SAT_Jo algorithm using this method, we essentially disapprove its use in intended applications. Using a 30-round distinguisher, we also describe a subkey recovery attack on the SAT_Jo algorithm whose time complexity is about 2 66 encryptions (noting that SAT_Jo is designed to provide 80 bits of security). Moreover, it seems that the choice of bit-permutation induces weak division properties since replacing the original bit-permutation of SAT_Jo by the one used in PRESENT immediately renders integral distinguishers inefficient.

Highlights

  • Lightweight block ciphers play an important role in providing the security in various constrained environments

  • We consider a lightweight block cipher SAT_Jo [11] and search for integral distinguishers based on division property using the Mixed-Integer Linear Programming (MILP) technique [12] introduced in [13]

  • Before describing the contribution of this work in more detail, we briefly summarize a development of integral attack and division property

Read more

Summary

Introduction

Lightweight block ciphers play an important role in providing the security in various constrained environments (referring to different applications of Internet of ings). We consider a lightweight block cipher SAT_Jo [11] (proposed in 2018) and search for integral distinguishers based on division property using the MILP technique [12] introduced in [13]. A further generalization of integral attacks has been introduced by Todo [19] at EUROCRYPT 2015, by developing a cryptanalytic framework based on the so-called division property. Our contribution: in this paper, we analyze the lightweight block cipher SAT_Jo, which is built as a substitutionpermutation (SP) network and processes plaintext blocks of length 64 bits through an iterative application of 31 identical rounds, using the secret key of size 80 bits. We emphasize that the designers of this algorithm provided the security evaluation [22] of the cipher by considering some main cryptanalytic tools such as differential and linear cryptanalysis, as well as the resistance against algebraic attacks.

Preliminaries
MILP Combined with Bit-Based Division Property
31 Rounds
The Results
Conclusion

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.