Higher Order Differential Cryptanalysis Research Articles

Algebraic and Higher-Order Differential Cryptanalysis of Pyjamask-96

Cryptographic competitions, like the ongoing NIST call for lightweight cryptography, always provide a thriving research environment, where new interesting ideas are proposed and new cryptographic insights are made. One proposal for this NIST call that is accepted for the second round is Pyjamask. Pyjamask is an authenticated encryption scheme that builds upon two block ciphers, Pyjamask-96 and Pyjamask-128, that aim to minimize the number of AND operations at the cost of a very strong linear layer. A side-effect of this goal is a slow growth in the algebraic degree. In this paper, we focus on the block cipher Pyjamask-96 and are able to provide a theoretical key-recovery attack reaching 14 (out of 14) rounds as well as a practical attack on 8 rounds. We do this by combining higher-order differentials with an in-depth analysis of the system of equations gotten for 2.5 rounds of Pyjamask-96. The AEAD-scheme Pyjamask itself is not threatened by the work in this paper.

Algebraic and Higher-Order Differential Cryptanalysis of Pyjamask-96

Algebraic and Higher-Order Differential Cryptanalysis of Pyjamask-96

Revisit and Cryptanalysis of a CAST Cipher

CAST family of ciphers are the block ciphers created by Carlisle Adams et al. in 1996. One famous member of CAST family is CAST-128, which is a 12-round or 16-round Feistel network. In this paper, we apply the interpolation attack on both 5- round and 16-round CAST-128 Cipher to recover the last round key. We first mount the basic interpolation attack separately on it. After combining with the higher order differential cryptanalysis, our result reduces the time complexity in 231.4 bit operation for 5-round attack. We also apply the optimized interpolation attack on the 16-round CAST-128-like structure which requires 244.2 bit operations and 231 chosen plaintexts.

Practical attacks on the round‐reduced PRINCE

The PRINCE cipher is the result of a cooperation between the Technical University of Denmark, NXP Semiconductors and the Ruhr University Bochum. The cipher was designed to reach an extremely low-latency encryption and instant response time. PRINCE has already gained a lot of attention from the academic community, however, most of the attacks are theoretical, usually with very high time or data complexity. This work helps to fill the gap in more practically oriented attacks, with more realistic scenarios and complexities. New attacks are presented, up to seven rounds, relying on integral and higher-order differential cryptanalysis.

Distinguishing properties and applications of higher order derivatives of Boolean functions

Higher order differential cryptanalysis is based on a property of higher order derivatives of Boolean functions such that derivative of a Boolean function reduces its degree at least 1 and continuously taking derivatives eventually yields a zero function. A quicker degree reduction means a lower data complexity in cryptanalysis, which can be determined by fast point at which the derivative reduces the degree at least 2.In this paper, we show that the set of the fast points of a Boolean function constitutes a linear subspace and its dimension plus the degree of the function is at most the size of the function. We also show that non-zero fast point exists in every n-variable Boolean function of degree n-1, every symmetric Boolean function of degree d where n≢d(mod2) or every quadratic Boolean function of odd number variables, which help us distinguish a few block ciphers and propose a new design principle about degree for block cipher.