TY - GEN

T1 - A chosen plaintext linear attack on block cipher CIKS-1

AU - Lee, Changhoon

AU - Hong, Deukjo

AU - Lee, Sungjae

AU - Lee, Sangjin

AU - Yang, Hyungjin

AU - Lim, Jong In

PY - 2002

Y1 - 2002

N2 - In this paper, we firstly evaluate the resistance of the reduced 5-round version of the block cipher CIKS-1 against linear cryptanalysis(LC). A feature of the CIKS-1 is the use of both Data-Dependent permutations(DDP) and internal key scheduing which consist in data-dapendent transformation of the round subkeys. Taking into account the structure of CIKS-1 we investigate linear approximation. That is, we consider 16 linear approximations with p = 3/4 for 16 parallel modulo 22 additions to construct one-round linear approximation and derive one-round linear approximation with the probability of P = 1/2 + 2-17 by Piling-Up lemma. Also we estimate that the P is a valid probability of one-round approximation and achieve that the probability P for one round approximation is better than 1/2 +2-17 through experiments. Then we construct 3-round linear approximation with P = 1/2 +2-17 using this one-round approximation and can attack the reduced 5-round CIKS-1 with 64-bit block by LC. In conclusion, we present that our attack requires about 236 chosen plaintexts with a probability of success of 78.5% and 15 ×232× 236 ≈ 265.7 encryption times to recover last round(5-round) key. In addition, we discuss a few improvements of the cipher CIKS-1.

AB - In this paper, we firstly evaluate the resistance of the reduced 5-round version of the block cipher CIKS-1 against linear cryptanalysis(LC). A feature of the CIKS-1 is the use of both Data-Dependent permutations(DDP) and internal key scheduing which consist in data-dapendent transformation of the round subkeys. Taking into account the structure of CIKS-1 we investigate linear approximation. That is, we consider 16 linear approximations with p = 3/4 for 16 parallel modulo 22 additions to construct one-round linear approximation and derive one-round linear approximation with the probability of P = 1/2 + 2-17 by Piling-Up lemma. Also we estimate that the P is a valid probability of one-round approximation and achieve that the probability P for one round approximation is better than 1/2 +2-17 through experiments. Then we construct 3-round linear approximation with P = 1/2 +2-17 using this one-round approximation and can attack the reduced 5-round CIKS-1 with 64-bit block by LC. In conclusion, we present that our attack requires about 236 chosen plaintexts with a probability of success of 78.5% and 15 ×232× 236 ≈ 265.7 encryption times to recover last round(5-round) key. In addition, we discuss a few improvements of the cipher CIKS-1.

KW - Block cipher

KW - CIKS-1(cipher with internal key scheduling)

KW - Data-dependent permutation

KW - Linear cryptanalysis

UR - http://www.scopus.com/inward/record.url?scp=84944063721&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84944063721&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:84944063721

SN - 3540001646

VL - 2513

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 456

EP - 468

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

PB - Springer Verlag

T2 - 4th International Conference on Information and Communications Security, ICICS 2002

Y2 - 9 December 2002 through 12 December 2002

ER -