Piccolo is a 64-bit lightweight block cipher suitable for constrained environments such as wireless sensor networks. In this paper we evaluate the security of Piccolo-80 against linear cryptanalysis, we present a 6-round linear approximation of Piccolo-80 with probability (formula presented). We use this approximation to attack 7-round Piccolo-80 (with whitening keys) with data complexity of 261 known plaintexts and time complexity of 261. Its extension to an 8-round attack merely increases the time complexity to 270. This is the best linear attack against Piccolo-80 and it is also applicable to Piccolo-128 as the difference between the two variates is only the number of rounds and the key schedule algorithm. Moreover, we show that the bias in the approximation of the F-function, in some cases, is related to the MSB of the input. We utilize this relation to efficiently extract the MSBs of the whitening keys in the first round.
CITATION STYLE
Ashur, T., Dunkelman, O., & Masalha, N. (2019). Linear cryptanalysis reduced round of piccolo-80. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11527 LNCS, pp. 16–32). Springer Verlag. https://doi.org/10.1007/978-3-030-20951-3_2
Mendeley helps you to discover research relevant for your work.