Article Highlight | 10-Sep-2023

Zero-correlation linear attack on the block cipher SKINNY

Higher Education Press

Fig1 14-round zero-correlation linear distinguishers of SKINNY-n-2n — **image: 14-round zero-correlation linear distinguishers of SKINNY-n-2n** view more

Credit: Yi Zhang, Ting Cui & Congjun Wang

Zero-correlation linear cryptanalysis is an important method to analyze the security of block ciphers. But there are few works on zero-correlation linear attacks combined with the related-key setting.

To promote the research of zero-correlation linear cryptanalysis, a research team led by Ting Cui published their new research on 15 Aug 2024 in Frontiers of Computer Science co-published by Higher Education Press and Springer Nature.

The team proposed a related-tweakey zero-correlation linear attack model and a search algorithm for zero-correlation linear distinguishers of block ciphers with a linear key schedule. Based on the algorithm, they find 14-round and 16-round zero-correlation linear distinguishers of SKINNY-n-2n and SKINNY-n-3n, two versions of a widely used block cipher, respectively. Under their attack model, they use these distinguishers to attack 21-round SKINNY-n-2n and 25-round SKINNY-n-3n.

The key innovation of their research is the proposition to judge whether a linear approximation of a block cipher is zero-correlation. (If a linear approximation is zero-correlation, then it is a distinguisher of the cipher and can be used for attacks) They try to find contradictions in the process of key updating, while previous methods are detecting contradictions of data states in the encryption process. Thus, new zero-correlation linear approximations might be found. The results of their work show zero-correlation linear attacks can be improved under the related-(twea)key setting, which reminds the cipher designers of being more careful about the key schedule of a block cipher, especially when the key schedule is a linear mapping. Moreover, their attack model could also apply to other block ciphers like SKINNY. And the search algorithm will be a helpful tool to analyze the security of block ciphers against zero-correlation linear attacks.

Future work can focus on extending the application of such an attack model by generalizing the zero-correlation linear cryptanalysis theory. It is an interesting work to find zero-correlation linear distinguishers of block ciphers with a nonlinear key schedule.

Zero-correlation linear attack results of SKINNY

Version	Round	Data Complexity	Time Complexity	Memory Complexity
SKINNY-64-128	21	2⁶⁸	2⁹⁵	2⁸⁴
SKINNY-128-256	21	2¹³⁶	2¹⁸⁵	2¹⁶⁸
SKINNY-64-192	25	2⁷⁶	2¹⁸⁴	2¹⁴⁴
SKINNY-128-384	25	2¹⁵²	2³²⁶	2²⁸⁸

Disclaimer: AAAS and EurekAlert! are not responsible for the accuracy of news releases posted to EurekAlert! by contributing institutions or for the use of any information through the EurekAlert system.