[Resource Topic] 2023/1697: Full Round Distinguishing and Key-Recovery Attacks on SAND-2 (Full version)

Welcome to the resource topic for 2023/1697

Full Round Distinguishing and Key-Recovery Attacks on SAND-2 (Full version)

Authors: Zhuolong Zhang, Shiyao Chen, Wei Wang, Meiqin Wang


This paper presents full round distinguishing and key recovery attacks on lightweight block cipher SAND-2 with 64-bit block size and 128-bit key size, which appears to be a mixture of the AND-Rotation-XOR (AND-RX) based ciphers SAND and ANT. However, the security arguments against linear and some other attacks are not fully provided. In this paper, we find that the combination of a SAND-like nibble-based round function and ANT-like bit-based permutations will cause dependencies and lead to iterative linear and differential trails with high probabilities. By exploiting these, full round distinguishing attacks on SAND-2 work with 2^{46} queries for linear and 2^{58.60} queries for differential in the single-key setting. Then, full round key recovery attacks are also mounted, which work with the time complexity 2^{48.23} for linear and 2^{64.10} for differential. It should be noted that the dependency observed in this paper only works for SAND-2 and will not threaten SAND and ANT. From the point of designers, our attacks show the risk of mixing the parts of different designs, even though each of them is well-studied to be secure.

ePrint: https://eprint.iacr.org/2023/1697

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .