Paper 2014/656
Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions with Applications to PRINCE and PRIDE
Itai Dinur
Abstract
The FX-construction was proposed in 1996 by Kilian and Rogaway as a generalization of the DESX scheme. The construction increases the security of an $n$-bit core block cipher with a $\kappa$-bit key by using two additional $n$-bit masking keys. Recently, several concrete instances of the FX-construction were proposed, including PRINCE (proposed at Asiacrypt 2012) and PRIDE (proposed at CRYPTO 2014). These ciphers have $n=\kappa=64$, and are proven to guarantee about $127-d$ bits of security, assuming that their core ciphers are ideal, and the adversary can obtain at most $2^d$ data. In this paper, we devise new cryptanalytic time-memory-data tradeoff attacks on FX-constructions. While our attacks do not contradict the security proof of PRINCE and PRIDE, nor pose an immediate threat to their users, some specific choices of tradeoff parameters demonstrate that the security margin of the ciphers against practical attacks is smaller than expected. Our techniques combine a special form of time-memory-data tradeoffs, typically applied to stream ciphers, with recent analysis of FX-constructions by Fouque, Joux and Mavromati.
Metadata
- Available format(s)
-
PDF
- Category
- Secret-key cryptography
- Publication info
- A minor revision of an IACR publication in EUROCRYPT 2015
- Keywords
- Cryptanalysisblock ciphertime-memory-data tradeoffFX-constructionDESXPRINCEPRIDE.
- Contact author(s)
- dinur @ di ens fr
- History
- 2015-02-18: revised
- 2014-08-27: received
- See all versions
- Short URL
- https://ia.cr/2014/656
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2014/656,
author = {Itai Dinur},
title = {Cryptanalytic Time-Memory-Data Tradeoffs for {FX}-Constructions with Applications to {PRINCE} and {PRIDE}},
howpublished = {Cryptology {ePrint} Archive, Paper 2014/656},
year = {2014},
url = {https://eprint.iacr.org/2014/656}
}
