Shining Light on the Shadow: Full-round Practical Distinguisher for Lightweight Block Cipher Shadow

Sunyeop Kim; Myoungsu Shin; Seonkyu Kim; Hanbeom Shin; Insung Kim; Donggeun Kwon; Dongjae Lee; Seonggyeom Kim; Deukjo Hong; Jaechul Sung; Seokhie Hong

Paper 2023/1200

Shining Light on the Shadow: Full-round Practical Distinguisher for Lightweight Block Cipher Shadow

Sunyeop Kim, Korea University

Myoungsu Shin

Seonkyu Kim

Hanbeom Shin

Insung Kim, Korea University

Donggeun Kwon, Korea University

Dongjae Lee, Korea University

Seonggyeom Kim, Samsung Electronics

Deukjo Hong, Jeonbuk National University

Jaechul Sung, University of Seoul

Seokhie Hong, Korea University

Abstract

Shadow is a lightweight block cipher proposed at IEEE IoT journal 2021. Shadow’s main design principle is adopting a variant 4- branch Feistel structure in order to provide a fast diffusion rate. We define such a structure as Shadow structure and prove that it is al- most identical to the Generalized Feistel Network, which invalidates the design principle. Moreover, we give a structural distinguisher that can distinguish Shadow structure from random permutation with only two plaintext/ciphertext pairs. By exploiting the key schedule, the distin- guisher can be extended to key recovery attack with only one plain- text/ciphertext pair. Furthermore, by considering Shadow’s round func- tion, only certain forms of monomials can appear in the ciphertext, re- sulting in an integral distinguisher of four plaintext/ciphertext pairs. Even more, the algebraic degree does not increase more than 12 for Shadow-32 and 20 for Shadow-64 regardless of rounds used. Our results show that Shadow is highly vulnerable to algebraic attacks, and that algebraic attacks should be carefully considered when designing ciphers with AND, rotation, and XOR operations.

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Preprint.
Keywords: Block cipher algebraic attack cube attack
Contact author(s): kin3548 @ gmail com
houma757 @ gmail com
kimsg125 @ korea ac kr
shb115 @ naver com
cmcom35 @ korea ac kr
donggeun kwon @ gmail com
ldj0676 @ korea ac kr
jeffgyeom @ gmail com
deukjo hong @ jbnu ac kr
jcsung @ uos ac kr
shhong @ korea ac kr
History: 2023-08-10: approved; 2023-08-08: received; See all versions
Short URL: https://ia.cr/2023/1200
License: CC BY

BibTeX

@misc{cryptoeprint:2023/1200,
      author = {Sunyeop Kim and Myoungsu Shin and Seonkyu Kim and Hanbeom Shin and Insung Kim and Donggeun Kwon and Dongjae Lee and Seonggyeom Kim and Deukjo Hong and Jaechul Sung and Seokhie Hong},
      title = {Shining Light on the Shadow: Full-round Practical Distinguisher for Lightweight Block Cipher Shadow},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1200},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/1200}},
      url = {https://eprint.iacr.org/2023/1200}
}