Abstract
CRAFT is a lightweight tweakable Substitution-Permutation-Network (SPN) block cipher optimized for efficient protection of its implementations against Differential Fault Analysis (DFA) attacks. In this paper, we present an equivalent description of CRAFT up to a simple mapping on the plaintext, ciphertext and round tweakeys. We show that the new representation, for a sub-class of keys, leads to a new structure which is a Feistel network, with non-linear operation and key addition only on half the state. Consequently, it reveals a class of weak keys for which CRAFT is less resistant against differential and linear cryptanalyses. As a result, we present one weak-key single-tweak differential attack on 23 rounds (with time complexity of $2^{94}$ encryptions and data complexity of $2^{74}$ chosen plaintext/tweak/ciphertext tuples and works for $2^{112}$ weak keys) and one weak-key related-tweak attack on 26 rounds of the cipher (with time complexity of $2^{105}$ encryptions and data complexity $2^{73}$ chosen plaintext/tweak/ciphertext tuples and works for $2^{108}$ weak keys). Note that these attacks do not break the security claim of the CRAFT block cipher.
Highlights
CRAFT is a tweakable block cipher presented at FSE 2019 and designed by Beierle, Leander, Moradi, and Rasoolzadeh [BLMR19]
In a weak tweak-key scenario, mainly thanks to the involutory S-box and the special choice of MixColumns used in CRAFT, the equivalent representation of the cipher leads to a Feistel network where the non-linear operation (S-box layer) is applied only on half of the state
We showed how the SPN structure of CRAFT block cipher changes to a Feistel-network structure in the weak tweak-key scenario
Summary
CRAFT is a tweakable block cipher presented at FSE 2019 and designed by Beierle, Leander, Moradi, and Rasoolzadeh [BLMR19]. Considering the DFA-protected implementation of the cipher, under the same settings with respect to the employed error-detection code, its area overhead (even with decryption and tweak support) is smaller than that of all block ciphers considered in [BLMR19] with compatible state and key size. The designers of CRAFT provided a detailed security analysis of the cipher in their proposal paper, which covers differential, linear, impossible differential, zero-correlation linear hull, meet-in-the-middle, time-data-memory trade-offs, integral (and division property), and invariant attacks. Overall, they claimed 124-bit security in the related-tweak attacker model. After the publication of the design, some follow-up cryptanalysis has been published [HSN+19, MA19, EY19, GSS+20], and in the following, we briefly explain the results of these analyses.