Impossible differential attacks on the SKINNY family of block ciphers

SKINNY is a family of lightweight block ciphers proposed at CRYPTO 2016, which follows the TWEAKEY framework and takes a tweakey input. It is shown that SKINNY family not only has good hardware/software performances, but also provides strong security guarantees against differential/linear cryptanaly...

Full description

Saved in:
Bibliographic Details
Published in:IET information security 2017-11, Vol.11 (6), p.377-385
Main Authors: Yang, Dong, Qi, Wen-Feng, Chen, Hua-Jin
Format: Article
Language:English
Subjects:
17‐round encryptions
17‐round SKINNY‐64‐64
19‐round encryptions
19‐round SKINNY‐64‐128
21‐round encryptions
21‐round SKINNY‐64‐192
CRYPTO 2016
cryptography
differential cryptanalysis
early‐abort technique
greedy algorithms
greedy strategy
impossible differential attacks
k‐bit tweakey size
lightweight block ciphers
linear cryptanalysis
n‐bit block size
Research Article
SKINNY cipher
SKINNY‐128‐128
SKINNY‐128‐256
SKINNY‐128‐384
SKINNY‐n‐k
TWEAKEY framework
tweakey input
Citations: Items that this one cites
Items that cite this one
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:SKINNY is a family of lightweight block ciphers proposed at CRYPTO 2016, which follows the TWEAKEY framework and takes a tweakey input. It is shown that SKINNY family not only has good hardware/software performances, but also provides strong security guarantees against differential/linear cryptanalysis. In this study, the authors study the security of SKINNY against the impossible differential attack. First, they get some properties of the subkeys of SKINNY by analysing its key schedule. Then, combining with the early-abort technique and the greedy strategy, they present impossible differential attacks on SKINNY based on an 11-round impossible differential. Let SKINNY-n-k be the SKINNY cipher with n-bit block size and k-bit tweakey size. On the basis of their method, 17-round SKINNY-64-64 (resp. SKINNY-128-128) can be broken in $2^{61.8}$261.8 (resp. $2^{120.8}$2120.8) 17-round encryptions, 19-round SKINNY-64-128 (resp. SKINNY-128-256) can be broken in $2^{119.8}$2119.8 (resp. $2^{241.8}$2241.8) 19-round encryptions and 21-round SKINNY-64-192 (resp. SKINNY-128-384) can be broken in $2^{180.5}$2180.5 (resp. $2^{353.6}$2353.6) 21-round encryptions. To the best of their knowledge, these results are currently the best results with respect to the attacked rounds.
ISSN:1751-8709
1751-8717
DOI:10.1049/iet-ifs.2016.0488