Abstract
In this paper, we present new observations on the branch number and a concrete differential analysis of SPEEDY, a low-latency block cipher proposed at TCHES 2021. SPEEDY employs an SPS-type round function and consists of only 5/6/7 rounds. Since the number of rounds is kept so small in order to achieve ultra-low encryption latency, it is crucially important to assess its security margin accurately. We first propose a new notion, the partition branch number, which describes the minimum number of active S-boxes of 2-round SPEEDY more accurately, and we give an efficient algorithm to compute it. By extending the notion to a higher-order partition branch number, we obtain tighter results on the minimum number of active S-boxes for 3–7 rounds. As a result, the maximum expected differential probabilities are significantly higher than those estimated by the designers. Based on this, we search for optimal differential characteristics of SPEEDY while taking the difference distribution table of the S-box into account, and present differential characteristics for 2–7 rounds. Furthermore, by exploiting the simple bit-permutation key schedule of SPEEDY, we extend the differential trail search and construct an efficient 6-round related-key differential trail with probability \(2^{-179.2}\). Based on it, we present a related-key differential attack on full-round SPEEDY-7-192 with data complexity \(2^{186.2}\) chosen plaintexts and time complexity \(2^{160.13}\) encryptions.
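The abstract contrasts a word-level branch-number argument on the linear layer with the actual minimum number of active S-boxes of an SPS-type round. The Python example below is added here to make that contrast concrete; it is not code from the paper or from the SPEEDY designers. Every component is a constructed toy chosen so that exhaustive search is instant: a 9-bit state of three 3-bit words, a 3-bit bijective S-box, a bit permutation P and a circulant binary matrix M, none of which is SPEEDY's S-box, ShiftColumns or MixColumns. It computes the classical differential branch number of M at S-box-word granularity, the simple two-round lower bound that number yields for an S-P-S-M round structure, and the exact bit-level minimum over two rounds by dynamic programming over differences that respect the S-box's difference distribution table. The paper's partition branch number itself is not reproduced, since its definition is not on this page.

```python
"""Word-level branch-number bound vs. exact bit-level minimum of active
S-boxes over two rounds of a toy SPS-type cipher.

Added illustration, not code from the paper or from the SPEEDY designers.
All components are constructed toys (3-bit S-box, 9-bit state of three
3-bit words, bit permutation P, circulant matrix M); none is SPEEDY's.
"""
from itertools import product

WORD_BITS = 3
WORDS = 3
N = WORD_BITS * WORDS                    # 9-bit state
SBOX = [0, 1, 3, 6, 7, 4, 5, 2]          # constructed 3-bit bijection

# P[j] is the destination of input bit j; each word's three bits land in
# three different words (constructed choice).
P = [0, 3, 6, 1, 4, 7, 2, 5, 8]
IDENTITY = list(range(N))
# Circulant M over GF(2): output bit i = x[i] ^ x[i-1] ^ x[i-4] (mod N).
# gcd(1 + x + x^4, x^9 + 1) = 1 over GF(2), so M is invertible.
M_TAPS = (0, 1, 4)


def apply_perm(x, perm):
    """Bit permutation of the N-bit integer x."""
    y = 0
    for j in range(N):
        if x >> j & 1:
            y |= 1 << perm[j]
    return y


def apply_mix(x):
    """Circulant binary linear layer M applied to the N-bit integer x."""
    y = 0
    for i in range(N):
        bit = 0
        for t in M_TAPS:
            bit ^= x >> ((i - t) % N) & 1
        y |= bit << i
    return y


def words(x):
    """Split an N-bit difference into its WORD_BITS-bit S-box words."""
    mask = (1 << WORD_BITS) - 1
    return [(x >> (WORD_BITS * k)) & mask for k in range(WORDS)]


def active(x):
    """Number of active S-boxes (nonzero words) in a difference."""
    return sum(1 for w in words(x) if w)


def ddt(sbox):
    """ddt[din][dout] = #{x : S(x) ^ S(x ^ din) = dout}."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for din in range(n):
        for x in range(n):
            table[din][sbox[x] ^ sbox[x ^ din]] += 1
    return table


DDT = ddt(SBOX)
# Output differences reachable from each input word difference; REACH[0] == [0].
REACH = [[b for b in range(len(SBOX)) if DDT[a][b]] for a in range(len(SBOX))]


def branch_number(linear):
    """Differential branch number of a linear layer at S-box-word granularity."""
    return min(active(x) + active(linear(x)) for x in range(1, 1 << N))


def through_sbox_layer(costs):
    """Advance {difference: min active S-boxes so far} through one S-box
    layer; every nonzero word entering the layer is one active S-box."""
    nxt = {}
    for d, c in costs.items():
        c += active(d)
        for outs in product(*(REACH[w] for w in words(d))):
            y = 0
            for k, w in enumerate(outs):
                y |= w << (WORD_BITS * k)
            if c < nxt.get(y, c + 1):
                nxt[y] = c
    return nxt


def through_linear(costs, f):
    """Advance the cost map through a linear layer f (no new active S-boxes)."""
    nxt = {}
    for d, c in costs.items():
        y = f(d)
        if c < nxt.get(y, c + 1):
            nxt[y] = c
    return nxt


def min_active_two_rounds(perm=P, mix=apply_mix):
    """Exact minimum active S-boxes over S-P-S-M-S-P-S (two S-P-S-M rounds;
    the trailing M activates no S-box and is omitted), respecting the DDT."""
    costs = {d: 0 for d in range(1, 1 << N)}
    for layer in ("S", "P", "S", "M", "S", "P", "S"):
        if layer == "S":
            costs = through_sbox_layer(costs)
        elif layer == "P":
            costs = through_linear(costs, lambda x: apply_perm(x, perm))
        else:
            costs = through_linear(costs, mix)
    return min(costs.values())


def two_round_word_bound(mix=apply_mix):
    """Word-level bound in the style of a branch-number argument: the two
    S-box layers around M give at least the branch number, the outer ones
    at least one active S-box each."""
    return branch_number(mix) + 2


if __name__ == "__main__":
    print("branch number of M      :", branch_number(apply_mix))
    print("word-level 2-round bound:", two_round_word_bound())
    print("exact 2-round minimum   :", min_active_two_rounds())
```

The gap between `two_round_word_bound()` and `min_active_two_rounds()` is exactly what a word-level branch-number argument cannot see: the bit permutation between the two S-box layers of a round and the zero entries of the DDT constrain which word-level activity patterns are actually reachable. Swapping in different constructed P or M values shows how much the exact minimum moves while the branch number stays put.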
Acknowledgements
This work is supported by the CAS Project for Young Scientists in Basic Research (Grant No. YSBR-035) and the National Natural Science Foundation of China (No. 62072445). Moreover, the author is very grateful to the anonymous reviewers for their helpful comments and suggestions.
Ethics declarations
Competing interest
The authors have no competing interests to declare that are relevant to the content of this article.
Additional information
Communicated by X. Wang.
About this article
Cite this article
Zhang, L. Observations on the branch number and differential analysis of SPEEDY. Des. Codes Cryptogr. (2023). https://doi.org/10.1007/s10623-023-01336-z