TY - GEN
T1 - A chosen plaintext linear attack on block cipher CIKS-1
AU - Lee, Changhoon
AU - Hong, Deukjo
AU - Lee, Sungjae
AU - Lee, Sangjin
AU - Yang, Hyungjin
AU - Lim, Jong In
PY - 2002
Y1 - 2002
N2 - In this paper, we firstly evaluate the resistance of the reduced 5-round version of the block cipher CIKS-1 against linear cryptanalysis(LC). A feature of the CIKS-1 is the use of both Data-Dependent permutations(DDP) and internal key scheduing which consist in data-dapendent transformation of the round subkeys. Taking into account the structure of CIKS-1 we investigate linear approximation. That is, we consider 16 linear approximations with p = 3/4 for 16 parallel modulo 22 additions to construct one-round linear approximation and derive one-round linear approximation with the probability of P = 1/2 + 2-17 by Piling-Up lemma. Also we estimate that the P is a valid probability of one-round approximation and achieve that the probability P for one round approximation is better than 1/2 +2-17 through experiments. Then we construct 3-round linear approximation with P = 1/2 +2-17 using this one-round approximation and can attack the reduced 5-round CIKS-1 with 64-bit block by LC. In conclusion, we present that our attack requires about 236 chosen plaintexts with a probability of success of 78.5% and 15 ×232× 236 ≈ 265.7 encryption times to recover last round(5-round) key. In addition, we discuss a few improvements of the cipher CIKS-1.
AB - In this paper, we firstly evaluate the resistance of the reduced 5-round version of the block cipher CIKS-1 against linear cryptanalysis(LC). A feature of the CIKS-1 is the use of both Data-Dependent permutations(DDP) and internal key scheduing which consist in data-dapendent transformation of the round subkeys. Taking into account the structure of CIKS-1 we investigate linear approximation. That is, we consider 16 linear approximations with p = 3/4 for 16 parallel modulo 22 additions to construct one-round linear approximation and derive one-round linear approximation with the probability of P = 1/2 + 2-17 by Piling-Up lemma. Also we estimate that the P is a valid probability of one-round approximation and achieve that the probability P for one round approximation is better than 1/2 +2-17 through experiments. Then we construct 3-round linear approximation with P = 1/2 +2-17 using this one-round approximation and can attack the reduced 5-round CIKS-1 with 64-bit block by LC. In conclusion, we present that our attack requires about 236 chosen plaintexts with a probability of success of 78.5% and 15 ×232× 236 ≈ 265.7 encryption times to recover last round(5-round) key. In addition, we discuss a few improvements of the cipher CIKS-1.
KW - Block cipher
KW - CIKS-1(cipher with internal key scheduling)
KW - Data-dependent permutation
KW - Linear cryptanalysis
UR - http://www.scopus.com/inward/record.url?scp=84944063721&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84944063721&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84944063721
SN - 3540001646
VL - 2513
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 456
EP - 468
BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
PB - Springer Verlag
T2 - 4th International Conference on Information and Communications Security, ICICS 2002
Y2 - 9 December 2002 through 12 December 2002
ER -