Paper 2017/1017

Differential Cryptanalysis of 18-Round PRIDE

Virginie Lallemand and Shahram Rasoolzadeh


The rapid growth of the Internet of Things together with the increasing popularity of connected objects have created a need for secure, efficient and lightweight ciphers. Among the multitude of candidates, the block cipher PRIDE is, to this day, one of the most efficient solutions for 8-bit micro-controllers. In this paper, we provide new insights and a better understanding of differential attacks of PRIDE. First, we show that two previous attacks are incorrect, and describe (new and old) properties of the cipher that make such attacks intricate. Based on this understanding, we show how to properly mount a differential attack. Our proposal is the first single key differential attack that reaches 18 rounds out of 20. It requires $2^{61}$ chosen plaintexts and recovers the 128-bit key with a final time complexity of $2^{63.3}$ encryptions, while requiring a memory of about $2^{35}$ blocks of 64 bits.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. 18th international conference on Cryptology in India (Indocrypt 2017)
Block cipherPRIDEDifferential cryptanalysis.
Contact author(s)
shahram rasoolzadeh @ rub de
2017-10-25: last of 2 revisions
2017-10-25: received
See all versions
Short URL
Creative Commons Attribution


      author = {Virginie Lallemand and Shahram Rasoolzadeh},
      title = {Differential Cryptanalysis of 18-Round PRIDE},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1017},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.