Security of LBlock-s against related-key differential attack

Abstract

LBlock-s is a 32-round lightweight block cipher and is a simplified version of the LBlock block cipher, which was proposed to achieve an efficiency improvement of implementation but not to weaken its security. It uses 10 identical 4-bit S-boxes instead of 10 different 4-bit S-boxes in LBlock to reduce the cost in hardware and software implementation. Although better bounds on the security of LBlock-s against related-key differential attack have been given, the designers did not have sufficient evidence to show that the cipher is secure enough to resist against this attack. In this paper, we apply the mixed-integer linear programming methods proposed by Sun et al. to show that the cipher is secure against standard related-key differential attack and there is no related-key differential characteristic with probability higher than 2 64 for the 32-round LBlock-s. In particular, more concrete results on reduced versions of the cipher are obtained that the minimum numbers of active S-boxes for 10-round and 11-round related-key differential characteristics are 10 and 11, respectively.