Weak Tweak-Keys for the CRAFT Block Cipher

Abstract

CRAFT is a lightweight tweakable Substitution-Permutation-Network (SPN) block cipher optimized for efficient protection of its implementations against Differential Fault Analysis (DFA) attacks. In this paper, we present an equivalent description of CRAFT up to a simple mapping on the plaintext, ciphertext and round tweakeys. We show that the new representation, for a sub-class of keys, leads to a new structure which is a Feistel network, with non-linear operation and key addition only on half the state. Consequently, it reveals a class of weak keys for which CRAFT is less resistant against differential and linear cryptanalyses. As a result, we present one weak-key single-tweak differential attack on 23 rounds (with time complexity of $2^{94}$ encryptions and data complexity of $2^{74}$ chosen plaintext/tweak/ciphertext tuples and works for $2^{112}$ weak keys) and one weak-key related-tweak attack on 26 rounds of the cipher (with time complexity of $2^{105}$ encryptions and data complexity $2^{73}$ chosen plaintext/tweak/ciphertext tuples and works for $2^{108}$ weak keys). Note that these attacks do not break the security claim of the CRAFT block cipher.

Available format(s)
Category
Secret-key cryptography
Publication info
Keywords
Contact author(s)
History
2022-01-29: last of 3 revisions
See all versions
Short URL
https://ia.cr/2021/238

CC BY

BibTeX

@misc{cryptoeprint:2021/238,
author = {Gregor Leander and Shahram Rasoolzadeh},
title = {Weak Tweak-Keys for the CRAFT Block Cipher},
howpublished = {Cryptology ePrint Archive, Paper 2021/238},
year = {2021},
note = {\url{https://eprint.iacr.org/2021/238}},
url = {https://eprint.iacr.org/2021/238}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.