Security Analysis of SKINNY under Related-Tweakey Settings (Long Paper).

In this work, we evaluate the security of SKINNY against differential cryptanalysis in the related-tweakey model. ... Next, actual differential trails for SKINNY under related-tweakey model are explored and optimal differential trails of SKINNY-64 within certain number of rounds are searched with an indirect searching ... Conclusion This paper analyzes the security of SKINNY under related-tweakey settings using impossible differential and rectangle attacks which have a data complexity below codebook. ...

doi:10.13154/tosc.v2017.i3.37-72 dblp:journals/tosc/LiuGL17 fatcat:aowr3iihtnhqtgcy6y47uvofmu

DOAJ OJS

In this work, we evaluate the security of SKINNY against differential cryptanalysis in the related-tweakey model. ... Next, actual differential trails for SKINNY under related-tweakey model are explored and optimal differential trails of SKINNY-64 within certain number of rounds are searched with an indirect searching ... Conclusion This paper analyzes the security of SKINNY under related-tweakey settings using impossible differential and rectangle attacks which have a data complexity below codebook. ...

doi:10.46586/tosc.v2017.i3.37-72 fatcat:ekler62d6zbcjndcr5ojb7gkti

DOAJ OJS

In the last part of the paper, we provide a variety of ASIC implementations of our schemes and propose new simple SKINNY-AEAD and SKINNY-Hash variants with a reduced number of rounds while maintaining ... To highlight the extensive amount of third-party analysis that SKINNY obtained since its publication, we briefly survey the existing cryptanalysis results for SKINNY-128-256 and SKINNY-128-384 as of February ... Acknowledgements The work described in this paper has been supported in part by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany's Excellence Strategy -EXC 2092 CASA ...

doi:10.13154/tosc.v2020.is1.88-131 dblp:journals/tosc/BeierleJKLMPSSS20 fatcat:u4jtzsxthjgs7gkroyq5o7mv6y

DOAJ OJS

We present a new tweakable block cipher family SKINNY, whose goal is to compete with NSA recent design SIMON in terms of hardware/software performances, while proving in addition much stronger security ... Secondly, we present MANTIS, a dedicated variant of SKINNY for lowlatency implementations, that constitutes a very efficient solution to the problem of designing a tweakable block cipher for memory encryption ... Security Analysis In this section, we provide a short summary of the in-depth analysis we conducted on the security of the SKINNY family of block ciphers. ...

doi:10.1007/978-3-662-53008-5_5 fatcat:ksxdbtvcczhffd43ovxtxhw6iy

The design and analysis of dedicated tweakable block ciphers is a quite recent and very active research field that provides an ongoing stream of new insights. ... Moreover, this also implies the existence of integral distinguishers on the same number of rounds. We have applied our technique on round reduced versions of QARMA, MANTIS, and Skinny. ... The property of linear hulls under the related-key setting was also discussed by Bogdanov et al. in [BBR + 13] . ...

doi:10.5281/zenodo.2593578 fatcat:rka7qhw4l5b75bnhdfugcixnzi

Open Access

The design and analysis of dedicated tweakable block ciphers is a quite recent and very active research field that provides an ongoing stream of new insights. ... Moreover, this also implies the existence of integral distinguishers on the same number of rounds. We have applied our technique on round reduced versions of Qarma, Mantis, and Skinny. ... The property of linear hulls under the related-key setting was also discussed by Bogdanov et al. in [BBR + 13] . ...

doi:10.13154/tosc.v2019.i1.192-235 dblp:journals/tosc/AnkeleDGLLT19 fatcat:ixcmix2zjrhojnn7aj6vid432u

DOAJ OJS

The design and analysis of dedicated tweakable block ciphers is a quite recent and very active research field that provides an ongoing stream of new insights. ... Moreover, this also implies the existence of integral distinguishers on the same number of rounds. We have applied our technique on round reduced versions of Qarma, Mantis, and Skinny. ... The property of linear hulls under the related-key setting was also discussed by Bogdanov et al. in [BBR + 13] . ...

doi:10.46586/tosc.v2019.i1.192-235 fatcat:ivshx5lfhjfbdlezsmg743phvy

DOAJ OJS

In April 2018, Beierle et al. launched the 3rd SKINNY cryptanalysis competition, a contest that aimed at motivating the analysis of their recent tweakable block cipher SKINNY. ... In this paper, we explain how to solve the challenges for 10-round SKINNY-128-128 and for 12-round SKINNY-64-128 in time equivalent to roughly 2 52 simple operations. ... The definition of the tweakey schedule of SKINNY implies that the round tweakeys of all the even rounds (similarly of all the odd rounds) are related together by linear relations. ...

doi:10.1007/978-3-030-38471-5_6 fatcat:v7oevhhgyzbxva7kywcpzaxgju

In this paper, we try to combine the two phases in a uniform automatic model.Concretely, we apply this idea to automate the related-key rectangle attacks on SKINNY and ForkSkinny. ... Our key-recovery attacks on a few versions of round-reduced SKINNY and ForkSkinny cover 1 to 2 more rounds than the best previous attacks. ... And Romulus is one of the finalists in the LWC project. So the security analysis of SKINNY is of great importance, which also affects the security evaluation of these candidates. ...

doi:10.46586/tosc.v2021.i2.249-291 fatcat:43ui6tm7evbftjoylx4o5djksi

DOAJ OJS

In the application to AES, the new framework is used to exclude incompatibility and find high probability distinguishers of AES-128 under the related-subkey setting. ... between the two differential trails is handled by a careful analysis of the probability of the middle part Em. ... In Table 5 , we copy the lowerbounds on the number of active S-boxes in SKINNY under the related-tweakey setting from [BJK + 16] . ...

doi:10.46586/tosc.v2019.i1.118-141 fatcat:oaycmbqhbjaclbgfatllgq4mym

DOAJ OJS

In the application to AES, the new framework is used to exclude incompatibility and find high probability distinguishers of AES-128 under the related-subkey setting. ... between the two differential trails is handled by a careful analysis of the probability of the middle part Em. ... In Table 5 , we copy the lowerbounds on the number of active S-boxes in SKINNY under the related-tweakey setting from [BJK + 16] . ...

doi:10.13154/tosc.v2019.i1.118-141 dblp:journals/tosc/SongQH19 fatcat:my5o766t5vfl5mmpes35puzpcy

DOAJ OJS

As a result, we find 16 related-tweakey impossible differentials for 12-round SKINNY-64-128 based on which we construct an 18-round attack on SKINNY-64-128 (one target version for the crypto competition ... 6-round AES-128 in the related-key model. ... The figure of AES in the paper is produced by TkiZ [Jea16] . The work of this paper was supported by the National Key ...

doi:10.13154/tosc.v2017.i1.281-306 dblp:journals/tosc/SunGLYTQH17 fatcat:txrp6m7oxjbq3nbvcwxzfw4jky

DOAJ OJS

CRAFT is another SKINNY-like tweakable block cipher for which we provide the security analysis against rectangle attack for the first time. ... Based on the improved boomerang distinguishers for SKINNY, we provide related-tweakey rectangle attacks on 23 rounds of SKINNY-64-128, 24 rounds of SKINNY-128-256, 29 rounds of SKINNY-64-192, and 30 rounds ... Nasour Bagheri was supported in part by the Iran National Science Foundation (INSF) under contract No. 98010674. ...

doi:10.46586/tosc.v2021.i2.140-198 fatcat:xucyzoijpzapvfs7dcvcwegn3e

DOAJ OJS

Note that this paper only gives a more accurate security evaluation and does not threaten the security of full-round Deoxys-BC-256. ... In this study, by adequately studying the tweakey schedule, we seek a six-round related-tweakey impossible distinguisher of Deoxys-BC-256, which is transformed from a 3.5-round single-key impossible distinguisher ... In Deoxys, the size of the key and the tweak can vary within the tweakey length as long as the key size is longer than or equal to the block size, i.e., 128 bits. Related work. At FSE 2018, Ref. ...

doi:10.1007/s11432-017-9382-2 fatcat:ahnnhe4na5hsjkqkcz2uq7zao4

To illustrate the power of the BCT-based analysis, we improve boomerang attacks against Deoxys-BC, and disclose the mechanism behind an unsolved probability amplification for generating a quartet in SKINNY ... Crucially the validity of this figure is under the assumption that the characteristics for E0 and E1 can be chosen independently. ... We also thank attendees of the 2018 Dagstuhl seminar for Symmetric Cryptography, who provided us with various comments. The last author is supported by the ...

doi:10.1007/978-3-319-78375-8_22 fatcat:3shnwhxr7jbglipivjqw2iu4ye

Security Analysis of SKINNY under Related-Tweakey Settings (Long Paper)

Preserved Fulltext

Security Analysis of SKINNY under Related-Tweakey Settings

Preserved Fulltext

SKINNY-AEAD and SKINNY-Hash

Preserved Fulltext

The SKINNY Family of Block Ciphers and Its Low-Latency Variant MANTIS [chapter]

Preserved Fulltext

Zero-Correlation Attacks on Tweakable Block Ciphers with Linear Tweakey Expansion

Preserved Fulltext

Zero-Correlation Attacks on Tweakable Block Ciphers with Linear Tweakey Expansion

Preserved Fulltext

Zero-Correlation Attacks on Tweakable Block Ciphers with Linear Tweakey Expansion

Preserved Fulltext

Cryptanalysis of SKINNY in the Framework of the SKINNY 2018–2019 Cryptanalysis Competition [chapter]

Preserved Fulltext

Automated Search Oriented to Key Recovery on Ciphers with Linear Key Schedule

Preserved Fulltext

Boomerang Connectivity Table Revisited. Application to SKINNY and AES

Preserved Fulltext

Boomerang Connectivity Table Revisited. Application to SKINNY and AES

Preserved Fulltext

Analysis of AES, SKINNY, and Others with Constraint Programming

Preserved Fulltext

Improved Rectangle Attacks on SKINNY and CRAFT

Preserved Fulltext

Related-tweakey impossible differential attack on reduced-round Deoxys-BC-256

Preserved Fulltext

Boomerang Connectivity Table: A New Cryptanalysis Tool [chapter]

Preserved Fulltext