Paper 2016/1108

Security Analysis of SKINNY under Related-Tweakey Settings

Guozhen Liu, Mohona Ghosh, and Ling Song

Abstract

In CRYPTO'16, a new family of tweakable lightweight block ciphers - SKINNY was introduced. Denoting the variants of SKINNY as SKINNY-$n$-$t$, where $n$ represents the block size and $t$ represents the tweakey length, the design specifies $t \in \{n, 2n, 3n\}$. In this work, we evaluate the security of SKINNY against differential cryptanalysis in the related-tweakey model. First, we investigate truncated related-tweakey differential trails of SKINNY and search for the longest impossible and rectangle distinguishers where there is only one active cell in the input and the output. Based on the distinguishers obtained, $19$, $23$ and $27$ rounds of SKINNY-$n$-$n$, SKINNY-$n$-$2n$ and SKINNY-$n$-$3n$ can be attacked respectively. Next, actual differential trails for SKINNY under related-tweakey model are explored and optimal differential trails of SKINNY-64 within certain number of rounds are searched with an indirect searching method based on Mixed-Integer Linear Programming. The results show a trend that as the number of rounds increases, the probability of optimal differential trails is much lower than the probability derived from the lower bounds of active Sboxes in SKINNY.

Note: Better attacks are given in this version. Specifically, 19 rounds and 23 rounds can be attacked for SKINNY-n-n and SKINNY-n-2n, which cover one more round than the attacks in the original version.