Paper 2012/085
Study of the invariant coset attack on PRINTcipher: more weak keys with practical key recovery
Stanislav Bulygin and Michael Walter
Abstract
In this paper we investigate the invariant property of PRINTcipher first discovered by Leander et al. in their CRYPTO 2011 paper. We provide a thorough study and show that there exist 64 families of weak keys for PRINTcipher--48 and many more for PRINTcipher--96. Moreover, we show that searching the weak key space may be substantially sped up by splitting the search into two consecutive steps. We show that for many classes of weak keys key recovery can be done in a matter of minutes in the chosen/known plaintext scenario. In fact, at least $2^{45}$ weak keys can be recovered in less than 20 minutes per key on a single PC using only a few chosen and one known plaintext(s). We provide detailed treatment of the methods and put them in a more general context that opens new interesting directions of research for PRESENT-like ciphers.
Note: Section 3.3 on finding sizes of weak key families and key recovery complexity is substantially revised; data for PRINTcipher-96 is added.
Metadata
- Available format(s)
-
PDF
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. Unknown where it was published
- Keywords
- PRINTcipherinvariant coset attackmixed integer linear programmingweak keyschosen plaintext attackkey recovery
- Contact author(s)
- Stanislav Bulygin @ cased de
- History
- 2012-05-15: revised
- 2012-02-23: received
- See all versions
- Short URL
- https://ia.cr/2012/085
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2012/085,
author = {Stanislav Bulygin and Michael Walter},
title = {Study of the invariant coset attack on {PRINTcipher}: more weak keys with practical key recovery},
howpublished = {Cryptology {ePrint} Archive, Paper 2012/085},
year = {2012},
url = {https://eprint.iacr.org/2012/085}
}
