Cryptanalysis of full-round SFN Block Cipher a Lightweight Block Cipher, Targeting IoT Systems

Document Type : Article


1 1Department of Electrical Engineering, Sharif University of Technology, Tehran, Iran

2 Department of Mathematics, Faculty of Mathematical Sciences and Computer, Kharazmi University, Tehran, Iran

3 3Electrical Engineering Department, Shahid Rajaee Teacher Training University, Tehran, Iran, Postal code: 16788-15811

4 Department of Electrical Engineering, Sharif University of Technology, Tehran, Iran


SFN is a lightweight block cipher designed to be compact in hardware and efficient in software for constrained environment such as the Internet of Things (IoT) edge devices.
Compared to the conventional block ciphers it uses both the SP network structure and Feistel network structure to encrypt.
The SFN supports key lengths of 96 bits and its block length is 64 bits and includes 32 rounds. In this paper, we propose a deterministic related key distinguisher for 31 rounds of the SFN. we are able to use the proposed related key distinguisher to attack the SFN in the known-plaintext scenario with the time complexity of $2^{60.58}$ encryptions. The data and memory complexity of those attacks are negligible. In addition, we will extend it to a practical chosen-plaintext-ciphertext key recovery attack on full SFN (32 rounds) with the complexity of $2^{20}$. We also experimentally verified this attack.

Also, in the single key mode, we present a meet in the middle attack against the full rounds block cipher for which the time complexity is $2^{80}$ the SFN calculations and the memory complexity is $2^{35.6}$ bytes. The data complexity of this attack is only two known plaintext and their corresponding ciphertext.