Piccolo is a 64-bit lightweight block cipher suitable for constrained environments such as wireless sensor networks. In this paper we evaluate the security of Piccolo-80 against linear cryptanalysis and present a 6-round linear approximation of Piccolo-80 with probability (formula presented). We use this approximation to attack 7-round Piccolo-80 (with whitening keys) with a data complexity of $2^{61}$ known plaintexts and a time complexity of $2^{61}$. Its extension to an 8-round attack merely increases the time complexity to $2^{70}$. This is the best linear attack against Piccolo-80, and it is also applicable to Piccolo-128, as the two variants differ only in the number of rounds and the key schedule algorithm. Moreover, we show that the bias in the approximation of the F-function is, in some cases, related to the MSB of the input. We utilize this relation to efficiently extract the MSBs of the whitening keys in the first round.
|Title of host publication||Cyber Security Cryptography and Machine Learning - 3rd International Symposium, CSCML 2019, Proceedings|
|Editors||Shlomi Dolev, Danny Hendler, Sachin Lodha, Moti Yung|
|Number of pages||17|
|State||Published - 2019|
|Event||3rd International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2019 - Beer Sheva, Israel|
Duration: 27 Jun 2019 → 28 Jun 2019
|Name||Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|
|Conference||3rd International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2019|
|Period||27/06/19 → 28/06/19|
Bibliographical note
Publisher Copyright:
© Springer Nature Switzerland AG 2019.
- Linear cryptanalysis
ASJC Scopus subject areas
- Theoretical Computer Science
- Computer Science (all)