Cryptology ePrint Archive: Report 2016/964

Practical low data-complexity subspace-trail cryptanalysis of round-reduced PRINCE

Lorenzo Grassi and Christian Rechberger

Abstract: Subspace trail cryptanalysis is a very recent new cryptanalysis technique, and includes differential, truncated differential, impossible differential, and integral attacks as special cases.

In this paper, we consider PRINCE, a widely analyzed block cipher proposed in 2012. After the identification of a 2.5 rounds subspace trail of PRINCE, we present several (truncated differential) attacks up to 6 rounds of PRINCE. This includes a very practical attack with the lowest data complexity of only 8 plaintexts for 4 rounds, which co-won the final round of the PRINCE challenge in the 4-round chosen-plaintext category. The attacks have been verified using a C implementation.

Of independent interest, we consider a variant of PRINCE in which ShiftRows and MixLayer operations are exchanged in position. In particular, our result shows that the position of ShiftRows and MixLayer operations influences the security of PRINCE. The same analysis applies to follow-up designs inspired by PRINCE.

Category / Keywords: PRINCE, Subspace Trails Cryptanalysis, Invariant Subspace Attack, Truncated Differential Attack, Practical Attack, MANTIS

Original Publication (with major differences): INDOCRYPT 2016

Date: received 5 Oct 2016, last revised 21 Mar 2017

Contact author: lorenzo grassi at iaik tugraz at

Available format(s): PDF | BibTeX Citation

Note: Reference Updated

Version: 20170321:143954 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]