Full Round Distinguishing and Key-Recovery Attacks on SAND-2 (Full version)

Zhuolong Zhang; Shiyao Chen; Wei Wang; Meiqin Wang

Paper 2023/1697

Full Round Distinguishing and Key-Recovery Attacks on SAND-2 (Full version)

Zhuolong Zhang, School of Cyber Science and Technology, Shandong University, Qingdao, China

Shiyao Chen, Nanyang Technological University, Singapore, Singapore

Wei Wang, School of Cyber Sciaence and Technology, Shandong University, Qingdao, China; Quan Cheng Laboratory, Jinan, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China

Meiqin Wang, School of Cyber Sciaence and Technology, Shandong University, Qingdao, China; Quan Cheng Laboratory, Jinan, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China

Abstract

This paper presents full round distinguishing and key recovery attacks on lightweight block cipher SAND-2 with 64-bit block size and 128-bit key size, which appears to be a mixture of the AND-Rotation-XOR (AND-RX) based ciphers SAND and ANT. However, the security arguments against linear and some other attacks are not fully provided. In this paper, we find that the combination of a SAND-like nibble-based round function and ANT-like bit-based permutations will cause dependencies and lead to iterative linear and differential trails with high probabilities. By exploiting these, full round distinguishing attacks on SAND-2 work with $2^{46}$ queries for linear and $2^{58.60}$ queries for differential in the single-key setting. Then, full round key recovery attacks are also mounted, which work with the time complexity $2^{48.23}$ for linear and $2^{64.10}$ for differential. It should be noted that the dependency observed in this paper only works for SAND-2 and will not threaten SAND and ANT. From the point of designers, our attacks show the risk of mixing the parts of different designs, even though each of them is well-studied to be secure.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Published elsewhere. Major revision. Inscrypt 2023
Keywords: Linear Cryptanalysis Differential Cryptanalysis Distinguishing Attack Key Recovery Attack SAND-2
Contact author(s): zhuolongzhang @ mail sdu edu cn
shiyao chen @ ntu edu sg
weiwangsdu @ sdu edu cn
mqwang @ sdu edu cn
History: 2023-11-03: approved; 2023-11-02: received; See all versions
Short URL: https://ia.cr/2023/1697
License: CC BY

BibTeX

@misc{cryptoeprint:2023/1697,
      author = {Zhuolong Zhang and Shiyao Chen and Wei Wang and Meiqin Wang},
      title = {Full Round Distinguishing and Key-Recovery Attacks on SAND-2 (Full version)},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1697},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/1697}},
      url = {https://eprint.iacr.org/2023/1697}
}