Topic

CLEFIA

About: CLEFIA is a research topic. Over the lifetime, 124 publications have been published within this topic receiving 3350 citations.


Papers
Posted Content
TL;DR: In this article, a generic complexity analysis formula for mounting such attacks and new ideas for optimizing impossible differential cryptanalysis are presented, such as testing of parts of the internal state for reducing the number of involved key bits.
Abstract: Impossible differential cryptanalysis has been shown to be a very powerful form of cryptanalysis against block ciphers. These attacks, even if extensively used, remain not fully understood because of their high technicality. Indeed, numerous are the applications where mistakes have been discovered or where the attacks lack optimality. This paper aims in a first step at formalizing and improving this type of attacks and in a second step at applying our work to block ciphers based on the Feistel construction. In this context, we derive generic complexity analysis formulas for mounting such attacks and develop new ideas for optimizing impossible differential cryptanalysis. These ideas include for example the testing of parts of the internal state for reducing the number of involved key bits. We also develop in a more general way the concept of using multiple differential paths, an idea introduced before in a more restrained context. These advances lead to the improvement of previous attacks against well known ciphers such as CLEFIA-128 and Camellia, while also to new attacks against 23-round LBlock and all members of the Simon family.

75 citations

Proceedings Article
19 Aug 2012
TL;DR: This paper provides the first comprehensive hardware architecture comparison between Clefia and Present, as well as a comparison with the current National Institute of Standards and Technology (NIST) standard, the Advanced Encryption Standard.
Abstract: As ubiquitous computing becomes a reality, sensitive information is increasingly processed and transmitted by smart cards, mobile devices and various types of embedded systems. This has led to the requirement of a new class of lightweight cryptographic algorithm to ensure security in these resource constrained environments. The International Organization for Standardization (ISO) has recently standardized two low-cost block ciphers for this purpose, Clefia and Present. In this paper we provide the first comprehensive hardware architecture comparison between these ciphers, as well as a comparison with the current National Institute of Standards and Technology (NIST) standard, the Advanced Encryption Standard.

64 citations

Book Chapter
10 Feb 2008
TL;DR: This paper reports impossible differential cryptanalysis on the 128-bit block cipher CLEFIA that was proposed in 2007, including new 9-round impossible differentials for CLEFIA, and the result of an impossible differential attack using them.
Abstract: This paper reports impossible differential cryptanalysis on the 128-bit block cipher CLEFIA that was proposed in 2007, including new 9-round impossible differentials for CLEFIA, and the result of an impossible differential attack using them. For the case of a 128-bit key, it is possible to apply the impossible differential attack to CLEFIA reduced to 12 rounds. The number of chosen plaintexts required is \(2^{118.9}\) and the time complexity is \(2^{119}\). For key lengths of 192 bits and 256 bits, it is possible to apply impossible differential attacks to 13-round and 14-round CLEFIA. The respective numbers of chosen plaintexts required are \(2^{119.8}\) and \(2^{120.3}\) and the respective time complexities are \(2^{146}\) and \(2^{212}\). These impossible differential attacks are the strongest method for attacking reduced-round CLEFIA.

64 citations

Book Chapter
15 Aug 2012
TL;DR: It is shown that the computation of the XOR sum of the partial decryptions can be divided into two independent parts if the analysis target adopts the Feistel network or its variant.
Abstract: In this paper, an improvement for integral attacks against Feistel ciphers is discussed. The new technique can reduce the complexity of the key recovery phase. This possibly leads to an extension of the number of attacked rounds. In the integral attack, an attacker guesses a part of round keys and performs the partial decryption. The correctness of the guess is judged by examining whether the XOR sum of the results becomes 0 or not. In this paper, it is shown that the computation of the XOR sum of the partial decryptions can be divided into two independent parts if the analysis target adopts the Feistel network or its variant. Then, correct key candidates are efficiently obtained with the meet-in-the-middle approach. The effect of our technique is demonstrated for several Feistel ciphers. Improvements on integral attacks against LBlock, HIGHT, and CLEFIA are presented. Particularly, the number of attacked rounds with integral analysis is extended for LBlock.

61 citations

Book Chapter
09 Dec 2012
TL;DR: A novel tool to search truncated impossible differentials for word-oriented block ciphers with bijective Sboxes that generalizes the earlier \(\mathcal{U}\)-method and the UID-method and helps to close the gap between the best known results of previous tools and those of manual cryptanalysis.
Abstract: Impossible differential cryptanalysis is a powerful technique to recover the secret key of block ciphers by exploiting the fact that in block ciphers specific input and output differences are not compatible. This paper introduces a novel tool to search truncated impossible differentials for word-oriented block ciphers with bijective Sboxes. Our tool generalizes the earlier \(\mathcal{U}\)-method and the UID-method. It allows to reduce the gap between the best impossible differentials found by these methods and the best known differentials found by ad hoc methods that rely on cryptanalytic insights. The time and space complexities of our tool in judging an r-round truncated impossible differential are about \(O(c \cdot l^4 \cdot r^4)\) and \(O(c' \cdot l^2 \cdot r^2)\) respectively, where l is the number of words in the plaintext and c, c′ are constants depending on the machine and the block cipher. In order to demonstrate the strength of our tool, we show that it does not only allow to automatically rediscover the longest truncated impossible differentials of many word-oriented block ciphers, but also finds new results. It independently rediscovers all 72 known truncated impossible differentials on 9-round CLEFIA. In addition, it finds new truncated impossible differentials for AES, ARIA, Camellia without FL and FL\(^{-1}\) layers, E2, LBlock, MIBS and Piccolo. Although our tool does not improve the lengths of impossible differentials for existing block ciphers, it helps to close the gap between the best known results of previous tools and those of manual cryptanalysis.

57 citations

Network Information
Related Topics (5)
Cryptography
37.3K papers, 854.5K citations
84% related
Public-key cryptography
27.2K papers, 547.7K citations
82% related
Encryption
98.3K papers, 1.4M citations
81% related
Hash function
31.5K papers, 538.5K citations
81% related
Authentication
74.7K papers, 867.1K citations
76% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2022    1
2021    3
2020    8
2019    9
2018    2
2017    8