Cryptology ePrint Archive: Report 2017/1017

Differential Cryptanalysis of 18-Round PRIDE

Virginie Lallemand and Shahram Rasoolzadeh

Abstract: The rapid growth of the Internet of Things together with the increasing popularity of connected objects have created a need for secure, efficient and lightweight ciphers. Among the multitude of candidates, the block cipher PRIDE is, to this day, one of the most efficient solutions for 8-bit micro-controllers. In this paper, we provide new insights and a better understanding of differential attacks of PRIDE. First, we show that two previous attacks are incorrect, and describe (new and old) properties of the cipher that make such attacks intricate. Based on this understanding, we show how to properly mount a differential attack. Our proposal is the first single key differential attack that reaches 18 rounds out of 20. It requires $2^{61}$ chosen plaintexts and recovers the 128-bit key with a final time complexity of $2^{63.3}$ encryptions, while requiring a memory of about $2^{35}$ blocks of 64 bits.

Category / Keywords: secret-key cryptography / Block cipher, PRIDE, Differential cryptanalysis.

Original Publication (in the same form): 18th international conference on Cryptology in India (Indocrypt 2017)

Date: received 13 Oct 2017, last revised 25 Oct 2017

Contact author: shahram rasoolzadeh at rub de

Available format(s): PDF | BibTeX Citation

Version: 20171025:115148 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]