Cryptanalysis of full-round SFN block cipher a lightweight block cipher, targeting IoT systems

Document Type : Research Article

Authors

1 Department of Electrical Engineering, Sharif University of Technology, Tehran, Iran

2 Department of Mathematics, Faculty of Mathematical Sciences and Computer, Kharazmi University, Tehran, Iran

3 Department of Electrical Engineering, Shahid Rajaee Teacher Training University, Tehran, Postal code: 16788-15811, Iran

Abstract

SFN is a lightweight block cipher designed to be compact in hardware and efficient in software for constrained environment such as the Internet of Things (IoT) edge devices.
Compared to the conventional block ciphers it uses both the SP network structure and Feistel network structure to encrypt.
The SFN supports key lengths of 96 bits and its block length is 64 bits and includes 32 rounds. In this paper, we propose a deterministic related key distinguisher for 31 rounds of the SFN. we are able to use the proposed related key distinguisher to attack the SFN in the known-plaintext scenario with the time complexity of $2^{60.58}$ encryptions. The data and memory complexity of those attacks are negligible. In addition, we will extend it to a practical chosen-plaintext-ciphertext key recovery attack on full SFN (32 rounds) with the complexity of $2^{20}$. We also experimentally verified this attack.

Also, in the single key mode, we present a meet in the middle attack against the full rounds block cipher for which the time complexity is $2^{80}$ the SFN calculations and the memory complexity is $2^{35.6}$ bytes. The data complexity of this attack is only two known plaintext and their corresponding ciphertext.

Keywords


References:
1. Li, L., Liu, B., Zhou, Y., et al. "SFN: A new lightweight block cipher", Microprocessors and Microsystems, 60, pp. 138-150 (2018). https://doi.org/10.1016/j.micpro.2018.04.009.
2. Biham, E. "New types of cryptanalytic attacks using related keys", Journal of Cryptology, 7(4), pp. 229-246 (1994). https://doi.org/10.1007/BF00203965.
3. Knudsen, L.R. "Cryptanalysis of LOKI 91", In International Workshop on the Theory and Application of Cryptographic Techniques, pp. 196-208, Springer (1992). https://doi.org/10.1007/3-540-57220-1 62.
4. Diffie, W. and Hellman, M. "Exhaustive cryptanalysis of the nbs data encryption standard," IEEE Computer Society Press, 10(6), pp. 74-84 (1977). https://doi.org/10.1109/C-M.1977.217750.
5. Die, W. and Hellman, M.E. "Special feature exhaustive cryptanalysis of the nbs data encryption standard," Computer, 10(6), pp. 74-84 (1977). https://doi.org/10.1109/C-M.1977.217750.
6. Bogdanov, A. and Rechberger, C. "A 3-subset meetin- the-middle attack: cryptanalysis of the lightweight block cipher ktantan," in International Workshop on Selected Areas in Cryptography, pp. 229-240, Springer (2010). https://doi.org/10.1007/978-3-642-19574-7 16.
7. Ahmadi, S. and Aref, M.R. "Generalized meet in the middle cryptanalysis of block ciphers with an automated search algorithm," IEEE Access, 8, pp. 2284-2301 (2019). https://doi.org/10.1109/ACCESS.2019.2962101.
8. Dong, X., Wei, Y., Gao, W. et al. "New meetin- the-middle attacks on fox block cipher", The Computer Journal, 66(5), pp. 1195-1212 (2023). https://doi.org/10.1093/comjnl/bxac007.
9. Ahmadi, S, Ahmadian, Z., Mohajeri, J., et al. "Low-data complexity biclique cryptanalysis of block ciphers with application to piccolo and hight," IEEE Transactions on Information Forensics and Security, 9(10), pp. 1641-1652 (2014). https://doi.org/10.1109/TIFS.2014.2344445.
10. Liu, F., Sarkar, S., Wang, G., et al. "Algebraic meet-in-the-middle attack on lowmc", Cryptology ePrint Archive, Paper 2022/019 (2022). https://eprint.iacr.org/2022/019. https://doi.org/10.1007/978-3-031-22963-3 8.
11. Mouha, N., Wang, Q. Gu, D., et al. "Differential and linear cryptanalysis using mixed-integer linear programming," In International Conference on Information Security and Cryptology, pp. 57-76, Springer (2011). https://doi.org/10.1007/978-3-642-34704-7 5.
12. Sun, S., Hu, L., Wang, M., et al. "Towards finding the best characteristics of some bit-oriented block ciphers and automatic enumeration of (related-key) differential and linear characteristics with predefined properties," Cryptology ePrint Archive, Report, 747, p. 2014 (2014).
Volume 32, Issue 1
Transactions on Computer Science & Engineering and Electrical Engineering
January and February 2025 Article ID:6319
  • Receive Date: 18 December 2021
  • Revise Date: 20 January 2023
  • Accept Date: 31 October 2023