Cryptology ePrint Archive: Report 2019/714

Generalized Related-Key Rectangle Attacks on Block Ciphers with Linear Key Schedule: Applications to SKINNY and GIFT

Boxin Zhao and Xiaoyang Dong and Willi Meier and Keting Jia and Gaoli Wang

Abstract: This paper gives a new generalized key-recovery model of related-key rectangle attacks on block ciphers with linear key schedules. The model is quite optimized and applicable to various block ciphers with linear key schedule. As a proof of work, we apply the new model to two very important block ciphers, i.e. SKINNY and GIFT, which are basic modules of many candidates of the Lightweight Cryptography (LWC) standardization project by NIST.

For SKINNY, we reduce the complexity of the best previous 27-round related-tweakey rectangle attack on SKINNY-128-384 from $2^{331}$ to $2^{251.25}$. In addition, the first 28-round related-tweakey rectangle attack on SKINNY-128-384 is given, which gains one more round than before. For the candidate LWC SKINNY AEAD M1, we conduct a 24-round related-tweakey rectangle attack with a time complexity of $2^{123}$ and a data complexity of $2^{123}$ chosen plaintexts. For the case of GIFT-64, we give the first 24-round related-key rectangle attack with a time complexity $2^{91.58}$, while the best previous attack on GIFT-64 only reaches 23 rounds at most.

Category / Keywords: secret-key cryptography / Key Recovery, Rectangle Attack, SKINNY, SKINNY AEAD, GIFT, Related-Key

Date: received 17 Jun 2019, last revised 5 Sep 2019

Contact author: xiaoyangdong at tsinghua edu cn,boxinzhao@mail sdu edu cn,willi meier@fhnw ch,ktjia@tsinghua edu cn,glwang@sei ecnu edu cn

Available format(s): PDF | BibTeX Citation

Version: 20190906:010502 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]