Paper 2019/932

Related-key Differential Cryptanalysis of Full Round CRAFT

Muhammad ElSheikh and Amr M. Youssef

Abstract

CRAFT is a lightweight tweakable block cipher introduced in FSE 2019. One of the main design criteria of CRAFT is the efficient protection of its implementations against differential fault analysis. While the authors of CRAFT provide several cryptanalysis results in several attack models, they do not claim any security of CRAFT against related-key differential attacks. In this paper, we utilize the simple key schedule of CRAFT to propose a systematic method for constructing several repeatable 2-round related-key differential characteristics with probability $2^{-2}$. We then employ one of these characteristics to mount a key recovery attack on full-round CRAFT using $2^{31}$ queries to the encryption oracle and encryptions, and 64-bit blocks of memory. Additionally, we manage to use 8 related-key differential distinguishers, with 8 related-key differences, in order to mount a key recovery attack on the full-round cipher with queries to the encryption oracle, encryptions and about 64-bit blocks of memory. Furthermore, we present another attack that recovers the whole master key with queries to the encryption oracle and only encryptions with blocks of memory using 16 related-key differential distinguishers.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. SPACE 2019
Keywords
CRAFT, Related-Key, Tweakable
Contact author(s)
m_elshei @ encs concordia ca
History
2019-11-04: revised
2019-08-18: received
Short URL
https://ia.cr/2019/932
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/932,
      author = {Muhammad ElSheikh and Amr M.  Youssef},
      title = {Related-key Differential Cryptanalysis of Full Round {CRAFT}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/932},
      year = {2019},
      url = {https://eprint.iacr.org/2019/932}
}