Paper 2014/090
Cryptanalysis of KLEIN (Full version)
Virginie Lallemand and María Naya-Plasencia
Abstract
Due to the recent emergence of resource-constrained devices, cryptographers are facing the problem of designing dedicated lightweight ciphers. KLEIN is one of the resulting primitives, proposed at RFIDSec in 2011 by Gong et al. This family of software-oriented block ciphers has an innovative structure, as it combines 4-bit Sboxes with the AES MixColumn transformation, and has woken up the attention of cryptanalysts. Several security analyses have been published, in particular on the 64-bit key version. The best of these results could attack up to 10 rounds out of the total number of 12. In this paper we propose a new family of attacks that can cryptanalyze for the first time all the 12 rounds of the complete version of KLEIN-64. Our attacks use truncated differential paths and are based both on some of the notions developed in previous attacks and on our new ideas that allow to considerably improve the performance. To prove the validity of our attacks, we have implemented reduced-round versions of them. In particular we were able to reproduce a practical attack that recovers the whole key on 10 rounds, which also corresponds to the best practical attack against KLEIN-64.
Metadata
- Available format(s)
-
PDF
- Publication info
- A minor revision of an IACR publication in FSE 2014
- Keywords
- KLEINlightweight block ciphertruncated differential cryptanalysisMixColumnkey-recovery.
- Contact author(s)
- maria naya_plasencia @ inria fr
- History
- 2014-03-07: last of 2 revisions
- 2014-02-10: received
- See all versions
- Short URL
- https://ia.cr/2014/090
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2014/090,
author = {Virginie Lallemand and María Naya-Plasencia},
title = {Cryptanalysis of {KLEIN} (Full version)},
howpublished = {Cryptology {ePrint} Archive, Paper 2014/090},
year = {2014},
url = {https://eprint.iacr.org/2014/090}
}
