In this paper we present generic techniques for differential and linear cryptanalysis of SP networks with partial non-linear layers, including an automated characteristic search tool and dedicated key-recovery algorithms. Our techniques can be used both for cryptanalysis of such schemes and for proving their security with respect to basic differential and linear cryptanalysis, succeeding where previous automated analysis tools seem to fail.
We first apply our techniques to the block cipher Zorro (designed by Gérard et al.~following their methodology), obtaining practical attacks on the cipher which where fully simulated on a single desktop PC in a few days. Then, we propose a mild change to Zorro, and formally prove its security against basic differential and linear cryptanalysis. We conclude that there is no inherent flaw in the design strategy of Gérard et al., and it can be used in future designs, where our tools should prove useful.Category / Keywords: Block cipher, Lightweight, Zorro, differential cryptanalysis, linear cryptanalysis Original Publication (with minor differences): IACR-EUROCRYPT-2015 Date: received 29 Mar 2014, last revised 26 May 2015 Contact author: dinur at di ens fr Available format(s): PDF | BibTeX Citation Version: 20150526:203255 (All versions of this report) Discussion forum: Show discussion | Start new discussion