Differential Fault Analysis and Meet-in-the-Middle Attack on the Block Cipher KATAN32

doi:10.1007/s12204-013-1377-2

Journal of shanghai Jiaotong University (Science) ›› 2013, Vol. 18 ›› Issue (2): 147-152.doi: 10.1007/s12204-013-1377-2

• Articles • Previous Articles Next Articles

Differential Fault Analysis and Meet-in-the-Middle Attack on the Block Cipher KATAN32

ZHANG Wen-ying1,2 (张文英), LIU Feng1* (刘枫), LIU Xuan1 (刘宣), MENG Shuai1 (孟帅)

(1. School of Information Science and Engineering, Shandong Normal University, Jinan 250014, China; 2. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China)
(1. School of Information Science and Engineering, Shandong Normal University, Jinan 250014, China; 2. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China)

Online:2013-04-30 Published:2013-05-10
Contact: LIU Feng(刘枫) E-mail:liufengbiji@163.com

Abstract

Abstract: We investigate the lightweight block cipher KATAN family which consists of three variants with 32, 48 and 64-bit block sizes, called KATAN32, KATAN48 and KATAN64 respectively. However, three variants all have the same key length of 80 bits. On the basis of the bit-oriented faulty model and the differential analysis principle, we describe the attack that combines differential fault attack with the meet-in-the-middle (MITM) attack on the KATAN32. More precisely, inducing a fault at a bit, we can recover some linear differential fault equations on the key bits. During solving equations, without the help of computer, we need only algebraic deduction to obtain relations of some key bits. The complexity in this process is neglectable. The secret key of the full cipher can be recovered faster than exhaustive search for all three block sizes in the KATAN family. Our result describes that KATAN32 is vulnerable.

Key words: KATAN32| differential fault analysis| meet-in-the-middle (MITM) attack| block cipher| lightweight cipher

摘要： We investigate the lightweight block cipher KATAN family which consists of three variants with 32, 48 and 64-bit block sizes, called KATAN32, KATAN48 and KATAN64 respectively. However, three variants all have the same key length of 80 bits. On the basis of the bit-oriented faulty model and the differential analysis principle, we describe the attack that combines differential fault attack with the meet-in-the-middle (MITM) attack on the KATAN32. More precisely, inducing a fault at a bit, we can recover some linear differential fault equations on the key bits. During solving equations, without the help of computer, we need only algebraic deduction to obtain relations of some key bits. The complexity in this process is neglectable. The secret key of the full cipher can be recovered faster than exhaustive search for all three block sizes in the KATAN family. Our result describes that KATAN32 is vulnerable.

关键词: KATAN32| differential fault analysis| meet-in-the-middle (MITM) attack| block cipher| lightweight cipher

CLC Number:

TP 309.7

ZHANG Wen-ying1,2 (张文英), LIU Feng1* (刘枫), LIU Xuan1 (刘宣), MENG Shuai1 (孟帅). Differential Fault Analysis and Meet-in-the-Middle Attack on the Block Cipher KATAN32[J]. Journal of shanghai Jiaotong University (Science), 2013, 18(2): 147-152.

References

[1] Canni′ere C D, Dunkelman O, Kneˇzevi′c M. KATAN & KTANTAN — A family of small and efficient hardware-oriented block ciphers [C]//Proceedings of Cryptographic Hardware and Embedded Systems. Berlin: Springer-Verlag, 2009: 272-288.
[2] Boneh D, Demillo R A, Lipton R J. On the importance of checking cryptographic protocols for faults [C]// Proceedings of EUROCRYPT’97, LNCS 1233. Berlin: Springer-Verlag, 1997: 37-51.
[3] Biham E, Shamir A. Differential cryptanalysis of DES-like cryptosystems [J]. Journal of Cryptology, 1991, 4(1): 3-72.
[4] Biham E, Shamir A. Differential fault analysis of secret key cryptosystems [C]//Proceedings of CRYPTO 1997, LNCS 1294. Berlin: Springer-Verlag, 1997: 513-525.
[5] Diffie W, Hellman M E. Exhaustive cryptanalysis of the NBS data encryption standard [J]. IEEE Computer, 1977, 10(6): 74-84.
[6] Zhang Lei, Gu Da-wu, Guo Zheng, et al. Correlation power analysis and implementation on KATAN32 cipher [J]. Journal of Computer Applications, 2011, 31(2): 504-510 (in Chinese).
[7] Bard G V, Courtois N T, Nakahara J J, et al. Algebraic, AIDA/cube and side channel analysis of KATAN family of block ciphers [C]//Proceedings of INDOCRYPT. Berlin: Springer-Verlag, 2010: 176-196.
[8] Abdul-Latip S F, Reyhanitabar M R, Susilo W, et al. Fault analysis of the KATAN family of block ciphers [EB/OL](2012-05-11). http://ro.uow.edu.au/infopapers/1882.
[9] Knellwolf S, Meier W, Naya-Plasencia M. Conditional differential cryptanalysis of NLFSR-based cryptosystems [C]//Proceedings of ASIACRYPT 2010, LNCS 6744. Berlin: Springer-Verlag, 2010: 130-145.
[10] Knellwolf S, Meier W, Naya-Plasencia M. Conditional differential cryptanalysis of trivium and KATAN [C]//Proceedings of Selected Areas in Cryptography (SAC) 2011, LNCS 7118. Berlin: Springer-Verlag, 2012: 200-212.
[11] Zhang Wen-ying, Liu Xiang-zhong. A related-key and meet-in-the-middle match attack on the NFSR based block cipher KTANTAN32 [J]. Chinese Journal of Electronics, 2012, 40(10): 200-212 (in Chinese).
[12] Wei L, Rechberger C, Guo J, et al. Improved meet-in-the-middle cryptanalysis of KTANTAN [C]//Proceedings of ACISP 2011, LNCS 6812. Berlin: Springer-Verlag, 2011: 433-438.

Differential Fault Analysis and Meet-in-the-Middle Attack on the Block Cipher KATAN32

Differential Fault Analysis and Meet-in-the-Middle Attack on the Block Cipher KATAN32

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 3

Recommended Articles

Metrics

Comments

[1]	ZHANG Zhongya1,2,GUAN Jie1. Differential Analysis of Stream Cipher Phelix [J]. Journal of Shanghai Jiaotong University, 2013, 47(07): 1131-1136.
[2]	ZHANG Zhong-Ya, GUAN Jie. Differential Fault Analysis on the Stream Cipher LEX [J]. Journal of Shanghai Jiaotong University, 2012, 46(06): 865-869.
[3]	ZHANG Lei, GUO Jian-Sheng. Impossible Differential Cryptanalysis of ARIA [J]. Journal of Shanghai Jiaotong University, 2011, 45(07): 1063-1067.