New observations on invariant subspace attack. (English) Zbl 1428.94087

Summary: The invariant subspace attack is a recent cryptanalytic technique that breaks several recently proposed lightweight block ciphers. In this paper we propose a new method to bound the dimension of certain invariant subspaces in a class of lightweight block ciphers that share the overall structure of the AES but use 4-bit Sboxes. Under assumptions on the diffusion layer, any such invariant subspace has dimension at most 32 whenever the inputs to the Sboxes are linearly independent. This observation gives new insight into the invariant subspace attack and suggests lightweight countermeasures that strengthen resistance against it.
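To make the objects in the summary concrete, here is an added example (my own code, not from the paper or from any cipher's reference implementation) of what an invariant subspace attack looks like on a scaled-down AES-like cipher: a 16-bit state of four 4-bit cells, one Sbox layer, a cell shuffle, a binary MixColumn-style matrix and a round-key XOR. The Sbox table is Midori's Sb0 as I recall it (an assumption; the code only relies on the property that the Sbox permutes the set {8, 9}, and checks that at load time), and the cell shuffle and the constructed weak-key class are assumptions chosen to exhibit the phenomenon. The code finds the smallest affine subspace u + U that a fixed-key round function maps onto itself, following the generic closure idea of Leander, Minaud and Rønjom, reports how much of U each Sbox actually sees (the quantity the paper's dimension bound is about), and runs the resulting coset distinguisher against a weak and a non-weak key.

```python
"""Added example: invariant subspaces of a 16-bit AES-like toy cipher with 4-bit Sboxes."""

CELLS = 4  # four 4-bit cells = 16-bit state (toy size; the paper's ciphers are 64-bit)

# Midori's Sb0 as recalled (assumption). The only property this example needs is that
# the Sbox permutes the set {8, 9}; that is checked here rather than trusted.
SBOX = [0xC, 0xA, 0xD, 0x3, 0xE, 0xB, 0xF, 0x7, 0x8, 0x9, 0x1, 0x5, 0x0, 0x2, 0x4, 0x6]
assert sorted(SBOX) == list(range(16)) and {SBOX[8], SBOX[9]} == {8, 9}

SHUFFLE = [0, 3, 2, 1]  # constructed cell permutation (assumption)


def cells(x):
    """16-bit state -> list of 4 nibbles, cell 0 in the low bits."""
    return [(x >> (4 * i)) & 0xF for i in range(CELLS)]


def join(cs):
    return sum(c << (4 * i) for i, c in enumerate(cs))


def round_fn(x, k):
    """One AES-like round: Sbox layer, cell shuffle, binary mixing matrix, key XOR."""
    c = [SBOX[v] for v in cells(x)]
    c = [c[SHUFFLE[i]] for i in range(CELLS)]
    t = c[0] ^ c[1] ^ c[2] ^ c[3]
    c = [t ^ v for v in c]  # each output cell is the XOR of the other three cells
    return join(c) ^ k


def encrypt(x, round_keys):
    for k in round_keys:
        x = round_fn(x, k)
    return x


class Subspace:
    """A GF(2) subspace of the state space: echelon basis (pivot bit -> vector) plus all elements."""

    def __init__(self):
        self.basis = {}
        self.elems = {0}

    def add(self, v):
        """Insert v into the span; returns True if the dimension grew."""
        while v:
            p = v.bit_length() - 1
            if p not in self.basis:
                self.basis[p] = v
                self.elems |= {s ^ v for s in self.elems}
                return True
            v ^= self.basis[p]
        return False

    @property
    def dim(self):
        return len(self.basis)


def smallest_invariant_subspace(f, u):
    """Smallest U with f(u + U) contained in u + U: seed with f(u)+u, then close the set
    under x -> f(u+x)+f(u). Because f is a permutation, f(u + U) = u + U for the result;
    dim 16 (the whole space) means no non-trivial invariant subspace through u exists."""
    U = Subspace()
    fu = f(u)
    U.add(fu ^ u)
    grew = True
    while grew:
        grew = False
        for x in list(U.elems):
            if U.add(f(u ^ x) ^ fu):
                grew = True
    return U


def is_invariant(f, u, U):
    coset = {u ^ x for x in U.elems}
    return all(f(y) in coset for y in coset)


def cell_projection_dims(U):
    """Dimension of U projected onto each Sbox input, i.e. what each Sbox actually sees."""
    dims = []
    for i in range(CELLS):
        P = Subspace()
        for v in U.basis.values():
            P.add((v >> (4 * i)) & 0xF)
        dims.append(P.dim)
    return dims


# Constructed weak-key class for this toy: every key nibble in {0, 1}. Such keys keep the
# coset "every cell in {8, 9}" = 0x8888 + <0x0001, 0x0010, 0x0100, 0x1000> invariant.
WEAK_COSET = [0x8888 ^ sum(((m >> i) & 1) << (4 * i) for i in range(CELLS)) for m in range(16)]


def count_staying(round_keys, coset=WEAK_COSET):
    """Distinguisher: how many plaintexts of the coset encrypt back into the coset."""
    target = set(coset)
    return sum(encrypt(p, round_keys) in target for p in coset)
```

Under a weak key all 16 coset plaintexts stay inside the coset for any number of rounds, while a single round with a key whose low nibble is 2 pushes every one of them out; the closure search started from 0x8889 under the weak key 0x1010 returns a subspace of dimension at most 4 whose projection onto every Sbox input has dimension at most 1, which is the kind of per-Sbox restriction the paper's bound reasons about.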


94A60 Cryptography

