International Association for Cryptologic Research

CryptoDB

Differential-Linear Cryptanalysis of GIFT family and GIFT-based Ciphers

Authors:
Shichang Wang, Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS, School of Cyber Security, University of Chinese Academy of Sciences
Meicheng Liu, Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS, School of Cyber Security, University of Chinese Academy of Sciences
Shiqi Hou, Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS, School of Cyber Security, University of Chinese Academy of Sciences
Dongdai Lin, Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS, School of Cyber Security, University of Chinese Academy of Sciences
Download:
DOI: 10.62056/a6n5txol7
URL: https://cic.iacr.org//p/1/1/13
Abstract:

At CHES 2017, Banik et al. proposed GIFT, a lightweight block cipher with two versions, GIFT-64 and GIFT-128. Recently, many authenticated encryption schemes have adopted GIFT-128 as their underlying primitive, such as GIFT-COFB and HyENA. To promote a comprehensive understanding of the soundness of these designs, we evaluate their security against differential-linear cryptanalysis.

For this, automatic tools have been developed to search for differential-linear approximations of ciphers based on S-boxes. With the assistance of these tools, we find 13-round differential-linear approximations for GIFT-COFB and HyENA. Based on these distinguishers, 18-round key-recovery attacks are given for the message processing phase and initialization phase of both ciphers. Moreover, the resistance of GIFT-64/128 against differential-linear cryptanalysis is also evaluated. 12-round and 17-round differential-linear approximations are found for GIFT-64 and GIFT-128 respectively, which lead to 18-round and 19-round key-recovery attacks respectively. Here, we stress that our attacks do not threaten the security of these ciphers.

BibTeX
@article{cic-2024-34108,
  title={Differential-Linear Cryptanalysis of GIFT family and GIFT-based Ciphers},
  journal={cic},
  publisher={International Association for Cryptologic Research},
  volume={1, Issue 1},
  url={https://cic.iacr.org//p/1/1/13},
  doi={10.62056/a6n5txol7},
  author={Shichang Wang and Meicheng Liu and Shiqi Hou and Dongdai Lin},
  year=2024
}