Cryptology ePrint Archive: Report 2014/089

Multiple Di fferential Cryptanalysis of Round-Reduced PRINCE (Full version)

Anne Canteaut and Thomas Fuhr and Henri Gilbert and Maria Naya-Plasencia and Jean-René Reinhard

Abstract: PRINCE is a lightweight block cipher proposed by Borgho ff et al. at Asiacrypt 2012. Due to its originality, novel design and low number of rounds, it has already attracted the attention of a large number of cryptanalysts. Several results on reduced versions have been published to date; the best one is an attack on 8 rounds out of the total number of 12. In this paper we improve this result by two rounds: we provide an attack on 10 rounds of the cipher with a data complexity of $2^{57.94}$ and a time complexity of $2^{60.62}$, corresponding to 118.56 security bits, instead of 126 for the generic attacks. Our attack uses multiple di fferentials and exploits some properties of PRINCE for recovering the whole key. PRINCE is defi ned as a member of a family of ciphers, differing by the choice of an Sbox among a distinguished set. We also show that the security o ffered by all the members of the family is not equivalent, by identifying an Sbox for which our attack can be extended up to 11 rounds with a data complexity of $2^{59.81}$ and a time complexity of $2^{62.43}$.

Category / Keywords: secret-key cryptography / Di fferential cryptanalysis, PRINCE, multiple di fferentials

Original Publication (with minor differences): IACR-FSE-2014

Date: received 6 Feb 2014

Contact author: Anne Canteaut at inria fr

Available format(s): PDF | BibTeX Citation

Note: This article is the full version of the paper to appear in the proceedings of FSE 2014.

Version: 20140210:133801 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]