TY - GEN
T1 - A cryptanalysis of PRINTcipher
T2 - 31st Annual International Cryptology Conference, CRYPTO 2011
AU - Leander, Gregor
AU - Abdelraheem, Mohamed Ahmed
AU - Alkhzaimi, Hoda
AU - Zenner, Erik
PY - 2011
Y1 - 2011
N2 - At CHES 2010, the new block cipher PRINTcipher was presented as a light-weight encryption solution for printable circuits [15]. The best attack to date is a differential attack [1] that breaks less than half of the rounds. In this paper, we will present a new attack called invariant subspace attack that breaks the full cipher for a significant fraction of its keys. This attack can be seen as a weak-key variant of a statistical saturation attack. For such weak keys, a chosen plaintext distinguishing attack can be mounted in unit time. In addition to breaking PRINTcipher, the new attack also gives us new insights into other, more well-established attacks. We derive a truncated differential characteristic with a round-independent but highly key-dependent probability. In addition, we also show that for weak keys, strongly biased linear approximations exists for any number of rounds. In this sense, PRINTcipher behaves very differently to what is usually - often implicitly - assumed.
AB - At CHES 2010, the new block cipher PRINTcipher was presented as a light-weight encryption solution for printable circuits [15]. The best attack to date is a differential attack [1] that breaks less than half of the rounds. In this paper, we will present a new attack called invariant subspace attack that breaks the full cipher for a significant fraction of its keys. This attack can be seen as a weak-key variant of a statistical saturation attack. For such weak keys, a chosen plaintext distinguishing attack can be mounted in unit time. In addition to breaking PRINTcipher, the new attack also gives us new insights into other, more well-established attacks. We derive a truncated differential characteristic with a round-independent but highly key-dependent probability. In addition, we also show that for weak keys, strongly biased linear approximations exists for any number of rounds. In this sense, PRINTcipher behaves very differently to what is usually - often implicitly - assumed.
KW - Symmetric cryptography
KW - block cipher
KW - invariant subspace attack
KW - linear cryptanalysis
KW - statistical saturation attack
KW - truncated differentials
UR - http://www.scopus.com/inward/record.url?scp=80052002674&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=80052002674&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-22792-9_12
DO - 10.1007/978-3-642-22792-9_12
M3 - Conference contribution
AN - SCOPUS:80052002674
SN - 9783642227912
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 206
EP - 221
BT - Advances in Cryptology - CRYPTO 2011 - 31st Annual Cryptology Conference, Proceedings
PB - Springer Verlag
Y2 - 14 August 2011 through 18 August 2011
ER -