
Weak-keys and key-recovery attack for [Formula: see text]

In this paper, we study NIST lightweight 3rd round candidate [Formula: see text] . The core component of [Formula: see text] is the keyed permutation [Formula: see text] , which is based on a non-linear feedback shift register. By analysing this permutation carefully, we are able to find good cubes...


Bibliographic Details
Main Authors: Dutta, Pranjal, Rajasree, Mahesh Sreekumar, Sarkar, Santanu
Format: Online Article Text
Language: English
Published: Nature Publishing Group UK 2022
Subjects:
Online Access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9522731/
https://www.ncbi.nlm.nih.gov/pubmed/36175451
http://dx.doi.org/10.1038/s41598-022-19046-2
author Dutta, Pranjal
Rajasree, Mahesh Sreekumar
Sarkar, Santanu
collection PubMed
description In this paper, we study NIST lightweight 3rd round candidate [Formula: see text] . The core component of [Formula: see text] is the keyed permutation [Formula: see text] , which is based on a non-linear feedback shift register. By analysing this permutation carefully, we are able to find good cubes that are used to build distinguishers in the weak-key setting. In particular, we show that there are at least [Formula: see text] keys for which TinyJAMBU can be distinguished from a random source for up to 476 rounds. These distinguishers outperform the best-known distinguishers, which were proposed in ‘Scientific Reports - Nature’ by Teng et al. We are the first to study the exact degree of the feedback polynomial [Formula: see text] in the nonce variables. This helped us in concluding that [Formula: see text] with more than 445 rounds is secure against distinguishers using 32 sized cubes in the normal setting. Finally, we give new key-recovery attacks against [Formula: see text] using the concepts of monomial trail presented by Hu et al. at ASIACRYPT 2020. Our attacks are unlikely to jeopardise the security of the entire 640 rounds [Formula: see text] , but we strongly anticipate that they will shed new lights on the cipher’s security.
format Online
Article
Text
id pubmed-9522731
institution National Center for Biotechnology Information
language English
publishDate 2022
publisher Nature Publishing Group UK
record_format MEDLINE/PubMed
spelling pubmed-9522731 2022-10-01 Weak-keys and key-recovery attack for [Formula: see text] Dutta, Pranjal Rajasree, Mahesh Sreekumar Sarkar, Santanu Sci Rep Article In this paper, we study NIST lightweight 3rd round candidate [Formula: see text] . The core component of [Formula: see text] is the keyed permutation [Formula: see text] , which is based on a non-linear feedback shift register. By analysing this permutation carefully, we are able to find good cubes that are used to build distinguishers in the weak-key setting. In particular, we show that there are at least [Formula: see text] keys for which TinyJAMBU can be distinguished from a random source for up to 476 rounds. These distinguishers outperform the best-known distinguishers, which were proposed in ‘Scientific Reports - Nature’ by Teng et al. We are the first to study the exact degree of the feedback polynomial [Formula: see text] in the nonce variables. This helped us in concluding that [Formula: see text] with more than 445 rounds is secure against distinguishers using 32 sized cubes in the normal setting. Finally, we give new key-recovery attacks against [Formula: see text] using the concepts of monomial trail presented by Hu et al. at ASIACRYPT 2020. Our attacks are unlikely to jeopardise the security of the entire 640 rounds [Formula: see text] , but we strongly anticipate that they will shed new lights on the cipher’s security. Nature Publishing Group UK 2022-09-29 /pmc/articles/PMC9522731/ /pubmed/36175451 http://dx.doi.org/10.1038/s41598-022-19046-2 Text en © The Author(s) 2022 https://creativecommons.org/licenses/by/4.0/ Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made.
The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
title Weak-keys and key-recovery attack for [Formula: see text]
topic Article