Research paper 2

Abstract

  • FUTURE: Lightweight block cipher with efficient hardware performance.

  • AES-like SPN with 10 rounds: 64-bit block size, 128-bit key, 16 cells.

  • Concerns over integral properties of 4-bit S-boxes compared to larger S-boxes.

  • Conducts integral attack on FUTURE, identifies distinguishers for 7 rounds, and recovers 128-bit keys.

  • Presents key recovery attacks with enhanced time complexity.

Introduction

  • FUTURE proposed by Gupta et al. as a lightweight cipher.

  • Designed for single clock cycle encryption with low implementation cost.

  • MDS matrix approach for better security; uses lightweight components.

  • Benchmarked against several lightweight ciphers for performance.

Security Evaluation

  • Initial studies expected no effective 5-round distinguisher.

  • Ilter et al. discovered effective distinguishers but did not utilize them for attacks.

  • Schrottenloher et al. employed the meet-in-the-middle (MitM) technique for full-round key recovery.

  • Integral attacks are based on a structure of plaintexts and use detection techniques for subkeys.

Division Property Techniques

  • Integral attack based on the division property introduced by Todo.

  • Bit-based variation introduced by Todo and Morii to exploit algebraic structures.

  • Integration of MILP for efficient detection of distinguishers.

  • The bit-based division property (BDP) provides improved detection abilities over generic word-based properties.

FUTURE Cipher Structure

  • 64-bit block size, 128-bit key, 10-round fully unrolled implementation.

  • Basic operations: SubCell (S-box), MixColumn (linear transformation), ShiftRow (row rotation), AddRoundKey (XOR with key).

  • Operations adapted for efficiency in hardware.

  • Round function overview provided with components.

Integral Distinguisher

  • Constructed a 7-round integral distinguisher with 63 active bits leading to balanced ciphertext.

  • Plaintext structure ensures balance after encryption.
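
The balance property can be checked on a toy cipher. The following is an added example, not code from the paper: it builds a small AES-like SPN with 16 four-bit cells in the round order listed above and shows the classical word-level integral (one active cell, 3 rounds), not the paper's 7-round bit-based distinguisher. The S-box (taken from PRESENT), the MixColumn matrix, the independent random round keys and all function names are assumptions for illustration and are not FUTURE's components.

```python
import random

SBOX = [0xC, 5, 6, 0xB, 9, 0, 0xA, 0xD, 3, 0xE, 0xF, 8, 4, 7, 1, 2]  # PRESENT S-box (assumed, not FUTURE's)
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]      # assumed circulant, all entries non-zero

def gmul(a, b):
    """Multiply two elements of GF(2^4) modulo x^4 + x + 1."""
    r = 0
    for _ in range(4):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x10:
            a ^= 0x13
    return r

def round_fn(state, key):
    """One toy round: SubCell, MixColumn, ShiftRow, AddRoundKey.
    state[4*r + c] holds the cell in row r, column c."""
    s = [SBOX[x] for x in state]
    m = [0] * 16
    for c in range(4):
        for r in range(4):
            for k in range(4):
                m[4 * r + c] ^= gmul(MIX[r][k], s[4 * k + c])
    sh = [m[4 * r + (c + r) % 4] for r in range(4) for c in range(4)]  # rotate row r left by r
    return [x ^ k for x, k in zip(sh, key)]

def encrypt(pt, keys):
    for k in keys:
        pt = round_fn(pt, k)
    return pt

def integral_sum(rounds, seed, active_cell=0):
    """XOR of the ciphertexts over a structure of 16 plaintexts in which one
    cell takes every value and the other 15 cells are fixed (constructed input)."""
    rng = random.Random(seed)
    keys = [[rng.randrange(16) for _ in range(16)] for _ in range(rounds)]
    base = [rng.randrange(16) for _ in range(16)]
    acc = [0] * 16
    for v in range(16):
        pt = list(base)
        pt[active_cell] = v
        acc = [a ^ c for a, c in zip(acc, encrypt(pt, keys))]
    return acc  # all zeros means every ciphertext cell is balanced
```

For any key, `integral_sum(3, seed)` is all zeros, while a fourth round's SubCell destroys the balance; a key-recovery attack appends rounds after the distinguisher and keeps only subkey guesses that restore the zero sum after partial decryption.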

Key-Recovery Attack

Without Full Data

  • Key recovery through 3 additional rounds, based on 7-round distinguisher.

  • Attack includes data collection and key recovery phases, enhancing attack feasibility.

  • Time complexity calculated in detail.

With Full Data

  • Expanded attack to include additional rounds on full FUTURE.

  • Data collection from complete ciphertext leads to further key recovery.

  • Summarized steps for attacks, with memory and time complexities outlined.

Complexity Analysis

  • Data complexity outlined for various scenarios, with specifics on plaintext-ciphertext pair extraction.

  • Key recovery steps elaborated with associated computational costs.

Conclusion

  • Future work will build upon the findings to improve cryptanalysis methods.

  • The study addresses vulnerabilities in lightweight block ciphers like FUTURE through integral techniques.