Differential Cryptanalysis of Lightweight Block Ciphers SLIM and LCB

Yen Yee Chan; Cher Yin Khor; Je Sen Teh; Wei Jian Teng; Norziana Jamil

doi:10.1007/978-3-031-23098-1_4

Differential Cryptanalysis of Lightweight Block Ciphers SLIM and LCB

Yen Yee Chan
, Cher Yin Khor
, Je Sen Teh
, Wei Jian Teng
, Norziana Jamil

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

In this paper, we analyze the security of two recently proposed ultra-lightweight block ciphers, SLIM and LCB. SLIM is designed based on the Feistel paradigm, operating on 32-bit blocks and has an 80-bit key. The designers claim that SLIM is immune to differential cryptanalysis after they were only able to find a trail of up to 7 rounds by using a heuristic method. LCB is another ultra-lightweight block cipher with a 32-bit block and instead uses a 64-bit secret key. It was designed based on a hybrid of Feistel and substitution-permutation network structures. Although no concrete security analyses were performed, the designers claim that 10 rounds of the cipher is secure enough against various attacks including differential cryptanalysis. We verify these claims by proposing differential attacks on both ciphers. For SLIM, we first report optimal (i.e., having the best differential probability) trails for up to 32 rounds found using an SMT solver. We then propose practical key recovery attacks on up to 14 rounds that recover the final round key with time complexity $$2^{32}$$. Next, a close inspection of LCB’s design revealed a lack of nonlinearity, whereby its S-box could be modelled as a permutation. As such, differential trails that hold with probability 1 can be trivially derived for any number of rounds of the cipher. A trivial distinguishing attack can be performed with just one known-ciphertext. We fix this flaw and go on to show that LCB is actually more secure (against differential cryptanalysis) than SLIM given the same number of rounds. To the best of our knowledge, these are the first third-party cryptanalysis attacks against both ciphers.

Original language	English
Title of host publication	Emerging Information Security and Applications - 3rd International Conference, EISA 2022, Proceedings
Editors	Jiageng Chen, Debiao He, Rongxing Lu
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	55-67
Number of pages	13
ISBN (Print)	9783031230974
DOIs	https://doi.org/10.1007/978-3-031-23098-1_4
Publication status	Published - 2022
Externally published	Yes
Event	3rd International Symposium on Emerging Information Security and Applications, EISA 2022 - Virtual, Online Duration: Oct 29 2022 → Oct 30 2022

Publication series

Name	Communications in Computer and Information Science
Volume	1641 CCIS
ISSN (Print)	1865-0929
ISSN (Electronic)	1865-0937

Conference

Conference	3rd International Symposium on Emerging Information Security and Applications, EISA 2022
City	Virtual, Online
Period	10/29/22 → 10/30/22

Keywords

Differential cryptanalysis
LCB
Lightweight block cipher
SLIM
SMT

ASJC Scopus subject areas

General Computer Science
General Mathematics

Access to Document

10.1007/978-3-031-23098-1_4

Cite this

Chan, Y. Y., Khor, C. Y., Teh, J. S., Teng, W. J., & Jamil, N. (2022). Differential Cryptanalysis of Lightweight Block Ciphers SLIM and LCB. In J. Chen, D. He, & R. Lu (Eds.), Emerging Information Security and Applications - 3rd International Conference, EISA 2022, Proceedings (pp. 55-67). (Communications in Computer and Information Science; Vol. 1641 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-23098-1_4

Differential Cryptanalysis of Lightweight Block Ciphers SLIM and LCB. / Chan, Yen Yee; Khor, Cher Yin; Teh, Je Sen et al.
Emerging Information Security and Applications - 3rd International Conference, EISA 2022, Proceedings. ed. / Jiageng Chen; Debiao He; Rongxing Lu. Springer Science and Business Media Deutschland GmbH, 2022. p. 55-67 (Communications in Computer and Information Science; Vol. 1641 CCIS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Chan, YY, Khor, CY, Teh, JS, Teng, WJ & Jamil, N 2022, Differential Cryptanalysis of Lightweight Block Ciphers SLIM and LCB. in J Chen, D He & R Lu (eds), Emerging Information Security and Applications - 3rd International Conference, EISA 2022, Proceedings. Communications in Computer and Information Science, vol. 1641 CCIS, Springer Science and Business Media Deutschland GmbH, pp. 55-67, 3rd International Symposium on Emerging Information Security and Applications, EISA 2022, Virtual, Online, 10/29/22. https://doi.org/10.1007/978-3-031-23098-1_4

Chan YY, Khor CY, Teh JS, Teng WJ, Jamil N. Differential Cryptanalysis of Lightweight Block Ciphers SLIM and LCB. In Chen J, He D, Lu R, editors, Emerging Information Security and Applications - 3rd International Conference, EISA 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. p. 55-67. (Communications in Computer and Information Science). doi: 10.1007/978-3-031-23098-1_4

Chan, Yen Yee ; Khor, Cher Yin ; Teh, Je Sen et al. / Differential Cryptanalysis of Lightweight Block Ciphers SLIM and LCB. Emerging Information Security and Applications - 3rd International Conference, EISA 2022, Proceedings. editor / Jiageng Chen ; Debiao He ; Rongxing Lu. Springer Science and Business Media Deutschland GmbH, 2022. pp. 55-67 (Communications in Computer and Information Science).

@inproceedings{24453a85238e4ccb8bd99a851eda3209,

title = "Differential Cryptanalysis of Lightweight Block Ciphers SLIM and LCB",

abstract = "In this paper, we analyze the security of two recently proposed ultra-lightweight block ciphers, SLIM and LCB. SLIM is designed based on the Feistel paradigm, operating on 32-bit blocks and has an 80-bit key. The designers claim that SLIM is immune to differential cryptanalysis after they were only able to find a trail of up to 7 rounds by using a heuristic method. LCB is another ultra-lightweight block cipher with a 32-bit block and instead uses a 64-bit secret key. It was designed based on a hybrid of Feistel and substitution-permutation network structures. Although no concrete security analyses were performed, the designers claim that 10 rounds of the cipher is secure enough against various attacks including differential cryptanalysis. We verify these claims by proposing differential attacks on both ciphers. For SLIM, we first report optimal (i.e., having the best differential probability) trails for up to 32 rounds found using an SMT solver. We then propose practical key recovery attacks on up to 14 rounds that recover the final round key with time complexity \$\$2\textasciicircum{}\{32\}\$\$. Next, a close inspection of LCB{\textquoteright}s design revealed a lack of nonlinearity, whereby its S-box could be modelled as a permutation. As such, differential trails that hold with probability 1 can be trivially derived for any number of rounds of the cipher. A trivial distinguishing attack can be performed with just one known-ciphertext. We fix this flaw and go on to show that LCB is actually more secure (against differential cryptanalysis) than SLIM given the same number of rounds. To the best of our knowledge, these are the first third-party cryptanalysis attacks against both ciphers.",

keywords = "Differential cryptanalysis, LCB, Lightweight block cipher, SLIM, SMT",

author = "Chan, \{Yen Yee\} and Khor, \{Cher Yin\} and Teh, \{Je Sen\} and Teng, \{Wei Jian\} and Norziana Jamil",

note = "Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 3rd International Symposium on Emerging Information Security and Applications, EISA 2022 ; Conference date: 29-10-2022 Through 30-10-2022",

year = "2022",

doi = "10.1007/978-3-031-23098-1\_4",

language = "English",

isbn = "9783031230974",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "55--67",

editor = "Jiageng Chen and Debiao He and Rongxing Lu",

booktitle = "Emerging Information Security and Applications - 3rd International Conference, EISA 2022, Proceedings",

}

TY - GEN

T1 - Differential Cryptanalysis of Lightweight Block Ciphers SLIM and LCB

AU - Chan, Yen Yee

AU - Khor, Cher Yin

AU - Teh, Je Sen

AU - Teng, Wei Jian

AU - Jamil, Norziana

PY - 2022

Y1 - 2022

N2 - In this paper, we analyze the security of two recently proposed ultra-lightweight block ciphers, SLIM and LCB. SLIM is designed based on the Feistel paradigm, operating on 32-bit blocks and has an 80-bit key. The designers claim that SLIM is immune to differential cryptanalysis after they were only able to find a trail of up to 7 rounds by using a heuristic method. LCB is another ultra-lightweight block cipher with a 32-bit block and instead uses a 64-bit secret key. It was designed based on a hybrid of Feistel and substitution-permutation network structures. Although no concrete security analyses were performed, the designers claim that 10 rounds of the cipher is secure enough against various attacks including differential cryptanalysis. We verify these claims by proposing differential attacks on both ciphers. For SLIM, we first report optimal (i.e., having the best differential probability) trails for up to 32 rounds found using an SMT solver. We then propose practical key recovery attacks on up to 14 rounds that recover the final round key with time complexity $$2^{32}$$. Next, a close inspection of LCB’s design revealed a lack of nonlinearity, whereby its S-box could be modelled as a permutation. As such, differential trails that hold with probability 1 can be trivially derived for any number of rounds of the cipher. A trivial distinguishing attack can be performed with just one known-ciphertext. We fix this flaw and go on to show that LCB is actually more secure (against differential cryptanalysis) than SLIM given the same number of rounds. To the best of our knowledge, these are the first third-party cryptanalysis attacks against both ciphers.

AB - In this paper, we analyze the security of two recently proposed ultra-lightweight block ciphers, SLIM and LCB. SLIM is designed based on the Feistel paradigm, operating on 32-bit blocks and has an 80-bit key. The designers claim that SLIM is immune to differential cryptanalysis after they were only able to find a trail of up to 7 rounds by using a heuristic method. LCB is another ultra-lightweight block cipher with a 32-bit block and instead uses a 64-bit secret key. It was designed based on a hybrid of Feistel and substitution-permutation network structures. Although no concrete security analyses were performed, the designers claim that 10 rounds of the cipher is secure enough against various attacks including differential cryptanalysis. We verify these claims by proposing differential attacks on both ciphers. For SLIM, we first report optimal (i.e., having the best differential probability) trails for up to 32 rounds found using an SMT solver. We then propose practical key recovery attacks on up to 14 rounds that recover the final round key with time complexity $$2^{32}$$. Next, a close inspection of LCB’s design revealed a lack of nonlinearity, whereby its S-box could be modelled as a permutation. As such, differential trails that hold with probability 1 can be trivially derived for any number of rounds of the cipher. A trivial distinguishing attack can be performed with just one known-ciphertext. We fix this flaw and go on to show that LCB is actually more secure (against differential cryptanalysis) than SLIM given the same number of rounds. To the best of our knowledge, these are the first third-party cryptanalysis attacks against both ciphers.

KW - Differential cryptanalysis

KW - LCB

KW - Lightweight block cipher

KW - SLIM

KW - SMT

UR - https://www.scopus.com/pages/publications/85148687324

UR - https://www.scopus.com/pages/publications/85148687324#tab=citedBy

U2 - 10.1007/978-3-031-23098-1_4

DO - 10.1007/978-3-031-23098-1_4

M3 - Conference contribution

AN - SCOPUS:85148687324

SN - 9783031230974

T3 - Communications in Computer and Information Science

SP - 55

EP - 67

BT - Emerging Information Security and Applications - 3rd International Conference, EISA 2022, Proceedings

A2 - Chen, Jiageng

A2 - He, Debiao

A2 - Lu, Rongxing

PB - Springer Science and Business Media Deutschland GmbH

T2 - 3rd International Symposium on Emerging Information Security and Applications, EISA 2022

Y2 - 29 October 2022 through 30 October 2022

ER -