Abstract
We evaluate the security of RECTANGLE from the perspective of actual key information (AKI). Insufficient AKI permits the attackers to deduce some subkey bits from some other subkey bits, thereby lowering the overall attack complexity or getting more attacked rounds. By considering the interaction between the key schedule’s diffusion and the round function’s diffusion, we find there exists AKI insufficiency in 4 consecutive rounds for RECTANGLE-80 and 6 consecutive rounds for RECTANGLE-128, although the master key bits achieve complete diffusion in 2 and 4 rounds, respectively. With such weakness of the key schedule, we give a generic meet-in-the-middle attack on 12-round reduced RECTANGLE-128 with only 8 known plaintexts. Moreover, we calculate AKI of variants of RECTANGLE as well as PRESENT. Surprisingly we find that both RECTANGLE-128 and PRESENT-128 with no key schedule involve more AKI than the original one. Based on this finding, we slightly modify the key schedule of RECTANGLE-128. Compared with the original one, this new key schedule matches better with the round function in terms of maximizing AKI. Our work adds more insight to the design of block ciphers’ key schedule.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
