[Resource Topic] 2019/741: Comprehensive security analysis of CRAFT

Welcome to the resource topic for 2019/741

Title:
Comprehensive security analysis of CRAFT

Authors: Hosein Hadipour, Sadegh Sadeghi, Majid M. Niknam, Nasour Bagheri

Abstract:

CRAFT is a lightweight involuntary block cipher, designed to provide efficient protection against differential fault attack. It is a tweakable cipher which encrypts a 64-bit plaintext using a 128-bit key and 64-bit public tweak. In this paper, compared to the designers’ analysis, we provide a more detailed analysis of CRAFT against differential, linear hull, and zero correlation cryptanalysis. Our distinguishers for reduced round CRAFT cover more number of rounds compared to the designers’ analysis. In our analysis, we observed a strange differential behavior of CRAFT, more precisely, for any number of rounds, the differential has an extremely higher probability compared to any differential characteristic. As an example, while the best characteristic for 11 rounds of the cipher has the probability of 2^{-80}, we presented a differential with the probability of 2^{-60}, contain 2^{20} characteristic, all with the same optimum probability of 2^{-80}. Next, we are using a partitioning technique, based on an optimal expendable truncated characteristic, to provide a better estimation of the differential effect on CRAFT. Thanks to technique, we were able to find differential distinguishers for 9, 10, 11, 12 and 13 rounds of the cipher in single tweak model with the probabilities of 2^{-40.204463}, 2^{-45.124812} , 2^{-49.799815}, 2^{-54.726466} and 2^{-59.399491} respectively. These probabilities should be compared with the best distinguishers provided by the designers in the same model for 9 and 10 rounds of the cipher with the probabilities of 2^{-54.67} and 2^{-62.61} respectively. In addition, we considered the security of CRAFT against the new concept of related tweak zero correlation (ZC) linear cryptanalysis and present a new distinguisher which covers 14 rounds of the cipher, while the best previous ZC distinguisher covered 13 rounds. We also provide many related key characteristics for a full round cipher that the probability of any full round distinguisher will not be less than 2^{-32}. It is noteworthy to mention the designers has no claim against the related key attack and even provided a deterministic related key characteristic for full round cipher, and extended it to exhaustive key search with the complexity of 2^{124}. However, given our distinguishers, it is possible to recover the key with the complexity of 2^{40}. Although the provided analysis does not compromise the cipher, we think it provides a better insight behind the designing of CRAFT.

ePrint: https://eprint.iacr.org/2019/741

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .