LBlock is a 32-round lightweight block cipher with 64-bit block size and 80-bit key. This paper identifies 16- round related-key impossible differentials of LBlock, which are better than the 15-round related-key impos...LBlock is a 32-round lightweight block cipher with 64-bit block size and 80-bit key. This paper identifies 16- round related-key impossible differentials of LBlock, which are better than the 15-round related-key impossible differentials used in the previous attack. Based on these 16-round related-key impossible differentials, we can attack 23 rounds of LBlock while the previous related-key impossible differential attacks could only work on 22-round LBlock. This makes our attack on LBlock the best attack in terms of the number of attacked rounds.展开更多
CAST-256, a first-round AES (Advanced Encryption Standard) candidate, is designed based on CAST-128. It is a 48-round Generalized-Feistel-Network cipher with ]28-bit block accepting 128, 160, 192, 224 or 256 bits ke...CAST-256, a first-round AES (Advanced Encryption Standard) candidate, is designed based on CAST-128. It is a 48-round Generalized-Feistel-Network cipher with ]28-bit block accepting 128, 160, 192, 224 or 256 bits keys. Its S-boxes are non-surjective with 8-bit input and 32-bit output. Wang et al. identified a 21-round linear approximation and gave a key recovery attack on 24-round CAST-256. In ASIACRYPT 2012, Bogdanov et al. presented the multidimensional zero-correlation linear cryptanalysis of 28 rounds of CAST-256. By observing the property of the concatenation of forward quad-round and reverse quad-round and choosing the proper active round function, we construct a linear approximation of 26-round CAST-256 and recover partial key information on 32 rounds of CAST-256. Our result is the best attack according to the number of rounds for CAST-256 without weak-key assumption so far.展开更多
基金supported by the National Basic Research 973 Program of China under Grant No.2013CB834205the National Natural Science Foundation of China under Grant Nos.61133013,61070244,and 61103237+1 种基金the Program for New Century Excellent Talents in University of China under Grant No.NCET-13-0350the Interdisciplinary Research Foundation of Shandong University of China under Grant No.2012JC018
文摘LBlock is a 32-round lightweight block cipher with 64-bit block size and 80-bit key. This paper identifies 16- round related-key impossible differentials of LBlock, which are better than the 15-round related-key impossible differentials used in the previous attack. Based on these 16-round related-key impossible differentials, we can attack 23 rounds of LBlock while the previous related-key impossible differential attacks could only work on 22-round LBlock. This makes our attack on LBlock the best attack in terms of the number of attacked rounds.
基金supported by the National Basic Research 973 Program of China under Grant No.2013CB834205the National Natural Science Foundation of China under Grant Nos.61133013,61070244 and 61103237+1 种基金the Program for New Century Excellent Talents in University of China under Grant No.NCET-13-0350the Interdisciplinary Research Foundation of Shandong University under Grant No.2012JC018
文摘CAST-256, a first-round AES (Advanced Encryption Standard) candidate, is designed based on CAST-128. It is a 48-round Generalized-Feistel-Network cipher with ]28-bit block accepting 128, 160, 192, 224 or 256 bits keys. Its S-boxes are non-surjective with 8-bit input and 32-bit output. Wang et al. identified a 21-round linear approximation and gave a key recovery attack on 24-round CAST-256. In ASIACRYPT 2012, Bogdanov et al. presented the multidimensional zero-correlation linear cryptanalysis of 28 rounds of CAST-256. By observing the property of the concatenation of forward quad-round and reverse quad-round and choosing the proper active round function, we construct a linear approximation of 26-round CAST-256 and recover partial key information on 32 rounds of CAST-256. Our result is the best attack according to the number of rounds for CAST-256 without weak-key assumption so far.