[Resource Topic] 2025/677: Impossible Differential Attack on SAND-128

Welcome to the resource topic for 2025/677

Title:
Impossible Differential Attack on SAND-128

Authors: Nobuyuki Sugio

Abstract:

Impossible differential attack is one of the major cryptanalytical methods for symmetric-key block ciphers. In this paper, we evaluate the security of SAND-128 against impossible differential attack. SAND is an AND-RX-based lightweight block cipher proposed by Chen et al. in Designs, Codes and Cryptography 2022. There are two variants of SAND, namely SAND-64 and SAND-128, due to structural differences. In this paper, we search for impossible differential distinguishers of SAND-128 using Constraint Programming (CP) and reveal 14-round impossible differential distinguishers. The number of 14-round distinguishers is $2^{14} \times 7 = 114{,}688$. Furthermore, we demonstrate a key recovery attack on 21-round SAND-128. The complexities for the attack require $2^{124}$ data, $2^{127.2}$ encryptions, and $2^{122}$ bytes of memory, respectively. Although this result currently achieves the best attack on round-reduced SAND-128, this attack does not threaten the security of SAND-128 against impossible differential attack.

ePrint: https://eprint.iacr.org/2025/677

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.