Paper 2019/741

Comprehensive security analysis of CRAFT

Hosein Hadipour, Sadegh Sadeghi, Majid M. Niknam, and Nasour Bagheri


CRAFT is a lightweight involuntary block cipher, designed to provide efficient protection against differential fault attack. It is a tweakable cipher which encrypts a 64-bit plaintext using a 128-bit key and 64-bit public tweak. In this paper, compared to the designers' analysis, we provide a more detailed analysis of CRAFT against differential, linear hull, and zero correlation cryptanalysis. Our distinguishers for reduced round CRAFT cover more number of rounds compared to the designers' analysis. In our analysis, we observed a strange differential behavior of CRAFT, more precisely, for any number of rounds, the differential has an extremely higher probability compared to any differential characteristic. As an example, while the best characteristic for 11 rounds of the cipher has the probability of $2^{-80}$, we presented a differential with the probability of $2^{-60}$, contain $2^{20}$ characteristic, all with the same optimum probability of $2^{-80}$. Next, we are using a partitioning technique, based on an optimal expendable truncated characteristic, to provide a better estimation of the differential effect on CRAFT. Thanks to technique, we were able to find differential distinguishers for 9, 10, 11, 12 and 13 rounds of the cipher in single tweak model with the probabilities of $2^{-40.204463}$, $ 2^{-45.124812} $, $ 2^{-49.799815}$, $ 2^{-54.726466}$ and $ 2^{-59.399491}$ respectively. These probabilities should be compared with the best distinguishers provided by the designers in the same model for 9 and 10 rounds of the cipher with the probabilities of $ 2^{-54.67}$ and $ 2^{-62.61}$ respectively. In addition, we considered the security of CRAFT against the new concept of related tweak zero correlation (ZC) linear cryptanalysis and present a new distinguisher which covers 14 rounds of the cipher, while the best previous ZC distinguisher covered 13 rounds. We also provide many related key characteristics for a full round cipher that the probability of any full round distinguisher will not be less than $2^{-32}$. It is noteworthy to mention the designers has no claim against the related key attack and even provided a deterministic related key characteristic for full round cipher, and extended it to exhaustive key search with the complexity of $2^{124}$. However, given our distinguishers, it is possible to recover the key with the complexity of $2^{40}$. Although the provided analysis does not compromise the cipher, we think it provides a better insight behind the designing of CRAFT.

Note: This paper is the primary results and may be updated.

Available format(s)
Secret-key cryptography
Publication info
Preprint. Minor revision.
Lightweight block cipherdifferentiallinear hullzero correlationrelated keytweak able cipherMILPCryptoSMTCRAFT.
Contact author(s)
na bagheri @ gmail com
2019-06-24: received
Short URL
Creative Commons Attribution


      author = {Hosein Hadipour and Sadegh Sadeghi and Majid M.  Niknam and Nasour Bagheri},
      title = {Comprehensive security analysis of CRAFT},
      howpublished = {Cryptology ePrint Archive, Paper 2019/741},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.