Differential Fault Analysis and Meet-in-the-Middle Attack on the Block Cipher KATAN32

doi:10.1007/s12204-013-1377-2

上海交通大学学报（英文版） ›› 2013, Vol. 18 ›› Issue (2): 147-152.doi: 10.1007/s12204-013-1377-2

Differential Fault Analysis and Meet-in-the-Middle Attack on the Block Cipher KATAN32

ZHANG Wen-ying1,2 (张文英), LIU Feng1* (刘枫), LIU Xuan1 (刘宣), MENG Shuai1 (孟帅)

(1. School of Information Science and Engineering, Shandong Normal University, Jinan 250014, China; 2. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China)

出版日期:2013-04-30 发布日期:2013-05-10
通讯作者: LIU Feng(刘枫) E-mail:liufengbiji@163.com

Differential Fault Analysis and Meet-in-the-Middle Attack on the Block Cipher KATAN32

ZHANG Wen-ying1,2 (张文英), LIU Feng1* (刘枫), LIU Xuan1 (刘宣), MENG Shuai1 (孟帅)

(1. School of Information Science and Engineering, Shandong Normal University, Jinan 250014, China; 2. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China)

Online:2013-04-30 Published:2013-05-10
Contact: LIU Feng(刘枫) E-mail:liufengbiji@163.com

摘要/Abstract

摘要： We investigate the lightweight block cipher KATAN family which consists of three variants with 32, 48 and 64-bit block sizes, called KATAN32, KATAN48 and KATAN64 respectively. However, three variants all have the same key length of 80 bits. On the basis of the bit-oriented faulty model and the differential analysis principle, we describe the attack that combines differential fault attack with the meet-in-the-middle (MITM) attack on the KATAN32. More precisely, inducing a fault at a bit, we can recover some linear differential fault equations on the key bits. During solving equations, without the help of computer, we need only algebraic deduction to obtain relations of some key bits. The complexity in this process is neglectable. The secret key of the full cipher can be recovered faster than exhaustive search for all three block sizes in the KATAN family. Our result describes that KATAN32 is vulnerable.

关键词: KATAN32, differential fault analysis, meet-in-the-middle (MITM) attack, block cipher, lightweight cipher

Abstract: We investigate the lightweight block cipher KATAN family which consists of three variants with 32, 48 and 64-bit block sizes, called KATAN32, KATAN48 and KATAN64 respectively. However, three variants all have the same key length of 80 bits. On the basis of the bit-oriented faulty model and the differential analysis principle, we describe the attack that combines differential fault attack with the meet-in-the-middle (MITM) attack on the KATAN32. More precisely, inducing a fault at a bit, we can recover some linear differential fault equations on the key bits. During solving equations, without the help of computer, we need only algebraic deduction to obtain relations of some key bits. The complexity in this process is neglectable. The secret key of the full cipher can be recovered faster than exhaustive search for all three block sizes in the KATAN family. Our result describes that KATAN32 is vulnerable.

Key words: KATAN32, differential fault analysis, meet-in-the-middle (MITM) attack, block cipher, lightweight cipher

中图分类号:

TP 309.7

ZHANG Wen-ying1,2 (张文英), LIU Feng1* (刘枫), LIU Xuan1 (刘宣), MENG Shuai1 (孟帅). Differential Fault Analysis and Meet-in-the-Middle Attack on the Block Cipher KATAN32[J]. 上海交通大学学报（英文版）, 2013, 18(2): 147-152.

ZHANG Wen-ying1,2 (张文英), LIU Feng1* (刘枫), LIU Xuan1 (刘宣), MENG Shuai1 (孟帅). Differential Fault Analysis and Meet-in-the-Middle Attack on the Block Cipher KATAN32[J]. Journal of shanghai Jiaotong University (Science), 2013, 18(2): 147-152.

参考文献

[1] Canni′ere C D, Dunkelman O, Kneˇzevi′c M. KATAN & KTANTAN — A family of small and efficient hardware-oriented block ciphers [C]//Proceedings of Cryptographic Hardware and Embedded Systems. Berlin: Springer-Verlag, 2009: 272-288.
[2] Boneh D, Demillo R A, Lipton R J. On the importance of checking cryptographic protocols for faults [C]// Proceedings of EUROCRYPT’97, LNCS 1233. Berlin: Springer-Verlag, 1997: 37-51.
[3] Biham E, Shamir A. Differential cryptanalysis of DES-like cryptosystems [J]. Journal of Cryptology, 1991, 4(1): 3-72.
[4] Biham E, Shamir A. Differential fault analysis of secret key cryptosystems [C]//Proceedings of CRYPTO 1997, LNCS 1294. Berlin: Springer-Verlag, 1997: 513-525.
[5] Diffie W, Hellman M E. Exhaustive cryptanalysis of the NBS data encryption standard [J]. IEEE Computer, 1977, 10(6): 74-84.
[6] Zhang Lei, Gu Da-wu, Guo Zheng, et al. Correlation power analysis and implementation on KATAN32 cipher [J]. Journal of Computer Applications, 2011, 31(2): 504-510 (in Chinese).
[7] Bard G V, Courtois N T, Nakahara J J, et al. Algebraic, AIDA/cube and side channel analysis of KATAN family of block ciphers [C]//Proceedings of INDOCRYPT. Berlin: Springer-Verlag, 2010: 176-196.
[8] Abdul-Latip S F, Reyhanitabar M R, Susilo W, et al. Fault analysis of the KATAN family of block ciphers [EB/OL](2012-05-11). http://ro.uow.edu.au/infopapers/1882.
[9] Knellwolf S, Meier W, Naya-Plasencia M. Conditional differential cryptanalysis of NLFSR-based cryptosystems [C]//Proceedings of ASIACRYPT 2010, LNCS 6744. Berlin: Springer-Verlag, 2010: 130-145.
[10] Knellwolf S, Meier W, Naya-Plasencia M. Conditional differential cryptanalysis of trivium and KATAN [C]//Proceedings of Selected Areas in Cryptography (SAC) 2011, LNCS 7118. Berlin: Springer-Verlag, 2012: 200-212.
[11] Zhang Wen-ying, Liu Xiang-zhong. A related-key and meet-in-the-middle match attack on the NFSR based block cipher KTANTAN32 [J]. Chinese Journal of Electronics, 2012, 40(10): 200-212 (in Chinese).
[12] Wei L, Rechberger C, Guo J, et al. Improved meet-in-the-middle cryptanalysis of KTANTAN [C]//Proceedings of ACISP 2011, LNCS 6812. Berlin: Springer-Verlag, 2011: 433-438.

Differential Fault Analysis and Meet-in-the-Middle Attack on the Block Cipher KATAN32

Differential Fault Analysis and Meet-in-the-Middle Attack on the Block Cipher KATAN32

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 4

编辑推荐

Metrics

本文评价

[1]	THAMANAM Srinivasa Rao, NAGARAJA Potti, NAIK B Balaji, MANJUNATHACHARI K. A Novel Image Encryption Technique Based on Inter Block Difference[J]. J Shanghai Jiaotong Univ Sci, 2021, 26(4): 488-493.
[2]	XU Yi-dong* (许一栋), LIU Sheng-li (刘胜利). One Construction of Chameleon All-But-One Trapdoor Functions[J]. 上海交通大学学报（英文版）, 2014, 19(4): 412-417.
[3]	HE Guo-feng 1(何国锋), LI Xiang-xue 2(李祥学), LI Qiang 3(李强), ZHENG Dong. Efficient Democratic Group Signatures with Threshold Traceability[J]. 上海交通大学学报（英文版）, 2011, 16(5): 530-532.
[4]	LONG Yu1* (龙宇), CHEN Ke-fei2 (陈克非), MAO Xian-ping1 (毛贤平). New Constructions of Dynamic Threshold Cryptosystem[J]. 上海交通大学学报（英文版）, 2014, 19(4): 431-435.