Improved integral attacks on 24-round LBlock and LBlock-s

Abstract

LBlock is a lightweight block cipher with Feistel-SP structure proposed by Wu and Zhang in Applied Cryptography and Network Security 2011, and a modified version LBlock-s is used later in the design of the lightweight authenticated encryption cipher LAC, one of the CAESAR candidates. The best known integral attack on LBlock is presented by Zhang and Wu which can attack 23-round LBlock based on a 16-round integral distinguisher found with division property. In Selected Areas in Cryptography 2018, Eskandari et al. further presented a 17-round integral distinguisher of LBlock with bit-based division property using SAT solver. Using their method, the authors further find some new 17-round integral distinguishers of LBlock and use one of them to present a 24-round integral attack on LBlock. Similarly, they also find some 17-round integral distinguishers of LBlock-s and select one to present a 24-round integral attack on LBlock-s. In this way, they have improved known single-key attacks on LBlock and LBlock-s by one round.