Paper 2015/575

Known-key Distinguisher on Full PRESENT

Céline Blondeau, Thomas Peyrin, and Lei Wang

Abstract

In this article, we analyse the known-key security of the standardized PRESENT lightweight block cipher. Namely, we propose a known-key distinguisher on the full PRESENT, both 80- and 128-bit key versions. We first leverage the very latest advances in differential cryptanalysis on PRESENT, which are as strong as the best linear cryptanalysis in terms of the number of attacked rounds. Differential properties are much easier to handle for a known-key distinguisher than linear properties, and we use a bias on the number of collisions on some predetermined input/output bits as the distinguishing property. In order to reach the full PRESENT, we eventually introduce a new meet-in-the-middle layer to propagate the differential properties as far as possible. Our techniques have been implemented and verified on the small-scale variant of PRESENT. While the known-key security model is very generous with the attacker, it makes sense in practice since PRESENT has been proposed as a basic building block to design lightweight hash functions, where no secret is manipulated. Our distinguisher can, for example, apply to the compression function obtained by placing PRESENT in a Davies-Meyer mode. We emphasize that this is the very first attack that can reach the full number of rounds of the PRESENT block cipher.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published by the IACR in CRYPTO 2015
Keywords
PRESENT, known-key model, distinguisher, differential cryptanalysis, linear cryptanalysis
Contact author(s)
thomas peyrin @ ntu edu sg
History
2015-06-17: received
Short URL
https://ia.cr/2015/575
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/575,
      author = {Céline Blondeau and Thomas Peyrin and Lei Wang},
      title = {Known-key Distinguisher on Full {PRESENT}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/575},
      year = {2015},
      url = {https://eprint.iacr.org/2015/575}
}