Abstract
Block ciphers are often used as building blocks for one-way compression functions, which in turn can be employed to construct hash functions. Two well-known methods for building a one-way compression function from a block cipher are the Davies-Meyer and the Miyaguchi-Preneel constructions. To verify the security of such a construction, it is necessary to evaluate the robustness of the underlying block cipher even when the secret key is known to the attacker, the so-called known-key model. In this paper, we evaluate the security of the lightweight block cipher GIFT-64 in the known-key setting, when it is used as a building block of a hash function. We significantly improve the known-key distinguisher and extend it to full GIFT-64. The distinguisher is composed of truncated differentials over 13 rounds and a meet-in-the-middle distinguisher over 15 rounds. We leverage a relationship between truncated differentials and multiple linear approximations, which allows us to transform the search for truncated differentials into the construction of multiple linear approximations, resulting in an improved probability for the truncated differentials.
To collect as many related linear approximations as possible, we use a relatively low-dimensional binary correlation matrix in which the Hamming weight of the linear mask on the internal state can reach 8. Using this correlation matrix, we precisely compute all linear approximations that satisfy the specified conditions. To obtain a full-round distinguisher, these approximations are pre-filtered by a meet-in-the-middle distinguisher via a new matching method called rotational recombination. We highlight that our distinguisher applies to full-round GIFT-64 with a time complexity of \(2^{60}\). Furthermore, we successfully implement the attack on GIFT-64[\(g_0^c\)], a variant of GIFT-64 proposed at Eurocrypt 2022.
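Worked example, added by the editor and not code from the paper or from the GIFT designers: the two block-cipher-based compression modes named in the abstract, instantiated with GIFT-64 implemented from the CHES 2017 specification (S-box GS, bit permutation P64, key schedule and LFSR round constants). It makes the known-key point concrete: in Davies-Meyer the 128-bit message block is the cipher key, so whoever chooses message blocks knows the key, and it shows the classic Davies-Meyer fixed point h* = D_m(0) that any such design inherits. The IV, the padding in hash_dm and the key-derivation g(h) = h || h used for Miyaguchi-Preneel are illustrative assumptions, not fixed by the modes.

```python
# Added example: Davies-Meyer and Miyaguchi-Preneel compression functions over a
# from-spec GIFT-64 (Banik et al., CHES 2017). Not the paper's code.

GS = [0x1, 0xa, 0x4, 0xc, 0x6, 0xf, 0x3, 0x9,
      0x2, 0xd, 0xb, 0x7, 0x5, 0x0, 0x8, 0xe]          # GIFT S-box
GS_INV = [GS.index(x) for x in range(16)]

def _p64(i):
    # GIFT-64 bit permutation: bit i moves to position P64(i)
    return 4 * (i // 16) + 16 * ((3 * ((i % 16) // 4) + (i % 4)) % 4) + (i % 4)

P64 = [_p64(i) for i in range(64)]
P64_INV = [P64.index(i) for i in range(64)]
ROUNDS = 28

def round_constants(n=ROUNDS):
    # 6-bit LFSR (c5..c0) <- (c4..c0, c5^c4^1), starts at 0, clocked before each round
    cs, c = [], 0
    for _ in range(n):
        c = ((c << 1) & 0x3f) | (((c >> 5) ^ (c >> 4) ^ 1) & 1)
        cs.append(c)
    return cs

RC = round_constants()

def _sub_cells(s, sbox):
    out = 0
    for i in range(16):
        out |= sbox[(s >> (4 * i)) & 0xf] << (4 * i)
    return out

def _perm_bits(s, perm):
    out = 0
    for i in range(64):
        if (s >> i) & 1:
            out |= 1 << perm[i]
    return out

def _round_keys(key):
    # key = k7||...||k0 (16-bit words, k0 least significant); round key U||V = k1||k0,
    # then k7..k0 <- k1>>>2 || k0>>>12 || k7 || ... || k2
    k = [(key >> (16 * i)) & 0xffff for i in range(8)]
    rks = []
    for _ in range(ROUNDS):
        rks.append((k[1], k[0]))
        k1 = ((k[1] >> 2) | (k[1] << 14)) & 0xffff
        k0 = ((k[0] >> 12) | (k[0] << 4)) & 0xffff
        k = k[2:] + [k0, k1]
    return rks

def _add_round_key(s, u, v, c):
    for i in range(16):                      # u_i -> b_{4i+1}, v_i -> b_{4i}
        s ^= ((u >> i) & 1) << (4 * i + 1)
        s ^= ((v >> i) & 1) << (4 * i)
    s ^= 1 << 63                             # constant 1 on b_63
    for j in range(6):                       # c_j -> b_{4j+3}: bits 3,7,11,15,19,23
        s ^= ((c >> j) & 1) << (4 * j + 3)
    return s

def gift64_encrypt(pt, key):
    s = pt
    for (u, v), c in zip(_round_keys(key), RC):
        s = _add_round_key(_perm_bits(_sub_cells(s, GS), P64), u, v, c)
    return s

def gift64_decrypt(ct, key):
    s = ct
    for (u, v), c in reversed(list(zip(_round_keys(key), RC))):
        s = _sub_cells(_perm_bits(_add_round_key(s, u, v, c), P64_INV), GS_INV)
    return s

def davies_meyer(h, m):
    # h' = E_m(h) ^ h: the 128-bit message block m IS the cipher key, so an
    # attacker choosing message blocks knows (and controls) the key.
    return gift64_encrypt(h, m) ^ h

def miyaguchi_preneel(h, m):
    # h' = E_{g(h)}(m) ^ m ^ h, with g(h) = h || h padding the 64-bit chaining
    # value to a 128-bit key (an assumed choice of g, not fixed by the mode).
    return gift64_encrypt(m, (h << 64) | h) ^ m ^ h

def dm_fixed_point(m):
    # Classic Davies-Meyer property: h* = D_m(0) satisfies DM(h*, m) = h* for any m.
    return gift64_decrypt(0, m)

def hash_dm(msg):
    # Toy Merkle-Damgard driver (IV = 0, 0x80-then-zeros padding and a 64-bit
    # bit-length suffix are illustrative choices): 16-byte blocks feed the cipher key.
    bitlen = 8 * len(msg)
    msg = msg + b"\x80"
    msg += b"\x00" * ((-len(msg) - 8) % 16) + bitlen.to_bytes(8, "big")
    h = 0
    for i in range(0, len(msg), 16):
        h = davies_meyer(h, int.from_bytes(msg[i:i + 16], "big"))
    return h

if __name__ == "__main__":
    print(hex(gift64_encrypt(0, 0)))           # spec test vector: f62bc3ef34f775ac
    m = 0xfedcba9876543210fedcba9876543210
    fp = dm_fixed_point(m)
    print(hex(fp), davies_meyer(fp, m) == fp)  # True: a fixed point for free
    print(hex(hash_dm(b"abc")))
```

The fixed point is why a known-key distinguisher matters for hashing modes: in Davies-Meyer the adversary picks the key outright, so any non-random behaviour of the cipher under a known key translates directly into structure in the compression function rather than being hidden behind a secret.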
Acknowledgements
The authors would like to thank the anonymous reviewers for their helpful comments and suggestions. This work is supported by the National Natural Science Foundation of China (Grants No. 62272282, 62071280) and the Natural Science Foundation of Shandong Province (Grants No. ZR2020KF011, ZR2020MF056). The third author is partially supported by the Slovenian Research Agency (Projects J1-4084, J1-2451 and N1-0159).
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Cite this paper
Sun, X., Zhang, W., Rodríguez, R., Liu, H. (2024). Known-Key Attack on GIFT-64 and GIFT-64[\(g_0^c\)] Based on Correlation Matrices. In: Zhu, T., Li, Y. (eds) Information Security and Privacy. ACISP 2024. Lecture Notes in Computer Science, vol 14895. Springer, Singapore. https://doi.org/10.1007/978-981-97-5025-2_2
DOI: https://doi.org/10.1007/978-981-97-5025-2_2
Publisher Name: Springer, Singapore
Print ISBN: 978-981-97-5024-5
Online ISBN: 978-981-97-5025-2
eBook Packages: Computer Science, Computer Science (R0)