Statistical attacks against block ciphers usually exploit "characteristics". A characteristic essentially defines a relation between (parts of) the block cipher's inputs, outputs and intermediate values. Intuitively, a good characteristic is one for which the relation between the cipher's inputs and outputs exhibits a significant deviation from the uniform distribution. Due to its high computational complexity, the search for good characteristics generally relies on heuristics, e.g. based on a branch-and-bound algorithm. But the use of such heuristics directly raises the question of whether these good characteristics remain good as the number of cipher rounds increases. This question relates to the so-called hull effect, expressing the idea that in a practically secure cipher, only the combination of many characteristics can explain the statistical deviations exploited in cryptanalysis. As characteristics are also a central tool when estimating the data complexities of statistical attacks, determining whether a hull effect can be observed is essential in the security evaluation of a block cipher. Unfortunately, this is again a computationally intensive task, as it ideally requires sampling over the full input space. In this paper, we consequently discuss the interest of hardware assistance, in order to improve the understanding of statistical attacks against block ciphers. More precisely, we propose an FPGA design that allowed us to evaluate a statistical saturation attack against the block cipher PRESENT, for overall complexities up to 2^50. Compared to previous software solutions, it corresponds to an increase of the maximum data complexity experimentally reached up to now by a factor of 2^14. Our experiments confirm that up to 19 rounds of PRESENT can be broken with 2^48 plaintext/ciphertext pairs. They also serve as a basis for discussing the statistical hull effect and suggest that 31-round PRESENT should be safe against such statistical attacks.
© 2011 Springer-Verlag.
CITATION STYLE
Kerckhof, S., Collard, B., & Standaert, F. X. (2011). FPGA implementation of a statistical saturation attack against PRESENT. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6737 LNCS, pp. 100–106). https://doi.org/10.1007/978-3-642-21969-6_7