Abstract
We present an invariant subspace attack on the block cipher Midori64, proposed at Asiacrypt 2015. Our analysis shows that Midori64 has a class of 232 weak keys. Under any such key, the cipher can be distinguished with only a single chosen query, and the key can be recovered in 216 time with two chosen queries. As both the distinguisher and the key recovery have very low complexities, we confirm our analysis by implementing the attacks. Some tweaks of round constants make Midori64 more resistant to the attacks, but some lead to even larger weak-key classes. To eliminate the dependency on the round constants, we investigate alternative S-boxes for Midori64 that provide certain level of security against the found invariant subspace attacks, regardless of the choice of the round constants. Our search for S-boxes is enhanced with a dedicated tool which evaluates the depth of any given 4-bit S-box that satisfies certain design criteria. The tool may be of independent interest to future S-box designs.
Highlights
Designing a block cipher simultaneously achieving high efficiency and high security has been a challenging topic for many years
We show that Midori64 has a class of 232 weak keys that can be distinguished with a complexity of a single query
We examine the possibility to show that a cipher is resistant against invariant subspace attacks by focusing only on the S-boxes in combination with the key schedule
Summary
Designing a block cipher simultaneously achieving high efficiency and high security has been a challenging topic for many years. Dozens of lightweight ciphers have been proposed for in last decade, and it is important to select good designs. Several evaluation criteria can be considered, such as gate size, throughput and latency. One of the most important criteria is a low energy consumption. In a sensor network, many sensor nodes having limited amount of computation resources and battery will be distributed. Substituting old nodes with empty battery into new ones requires an expensive maintenance cost, making the amount of energy consumption as low as possible is crucial in such a situation
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
