Paper 2017/1017

Differential Cryptanalysis of 18-Round PRIDE

Virginie Lallemand and Shahram Rasoolzadeh

Abstract

The rapid growth of the Internet of Things together with the increasing popularity of connected objects has created a need for secure, efficient and lightweight ciphers. Among the multitude of candidates, the block cipher PRIDE is, to this day, one of the most efficient solutions for 8-bit micro-controllers. In this paper, we provide new insights and a better understanding of differential attacks on PRIDE. First, we show that two previous attacks are incorrect, and describe (new and old) properties of the cipher that make such attacks intricate. Based on this understanding, we show how to properly mount a differential attack. Our proposal is the first single key differential attack that reaches 18 rounds out of 20. It requires $2^{61}$ chosen plaintexts and recovers the 128-bit key with a final time complexity of $2^{63.3}$ encryptions, while requiring a memory of about $2^{35}$ blocks of 64 bits.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. 18th international conference on Cryptology in India (Indocrypt 2017)
Keywords
Block cipher, PRIDE, Differential cryptanalysis
Contact author(s)
shahram rasoolzadeh @ rub de
History
2017-10-25: last of 2 revisions
2017-10-25: received
Short URL
https://ia.cr/2017/1017
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/1017,
      author = {Virginie Lallemand and Shahram Rasoolzadeh},
      title = {Differential Cryptanalysis of 18-Round PRIDE},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1017},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/1017}},
      url = {https://eprint.iacr.org/2017/1017}
}