Impossible Differential Cryptanalysis of the Raindrop Block Cipher

Jiqiang Lu; Xiao Zhang

doi:10.1007/978-3-031-71073-5_10

Impossible Differential Cryptanalysis of the Raindrop Block Cipher

Jiqiang Lu^*
, Xiao Zhang

^*Corresponding author for this work

State Key Laboratory of Cryptology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The Raindrop block cipher is an award-winning algorithm of the recent Cryptographic Algorithm Design Competition in China. It employs a Feistel structure and has three versions Raindrop128-128, Raindrop128-256 and Raindrop256, which have a 128-bit block size with a 128- or 256-bit user key and a 256-bit block size with a 256-bit user key, respectively. In this paper, we observe that Raindrop can be transformed to an equivalent cipher with two rounds less than Raindrop (for each version), due to the position of the round key XOR operation. We also observe that when conducting impossible differential cryptanalysis of Raindrop, both inactive and active bit differences on plaintext and ciphertext as well as a few intermediate states may be exploited for some refined sorting conditions on plaintexts and ciphertexts to filter out preliminary satisfying plaintext/ciphertext pairs efficiently, and finally we exploit a few 12-round impossible differentials of Raindrop128 and Raindrop256 to make key-recovery attacks on 19-round Raindrop128-128, 21-round Raindrop128-256 and 20-round Raindrop256. Our attacks are better than any previously published cryptanalytic results on Raindrop in terms of the numbers of attacked rounds.

Original language	English
Title of host publication	Security and Cryptography for Networks - 14th International Conference, SCN 2024, Proceedings
Editors	Clemente Galdi, Duong Hieu Phan
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	206-227
Number of pages	22
ISBN (Print)	9783031710728
DOIs	https://doi.org/10.1007/978-3-031-71073-5_10
State	Published - 2024
Event	14th Conference on Security and Cryptography for Networks, SCN 2024 - Amalfi, Italy Duration: 11 Sep 2024 → 13 Sep 2024

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	14974 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	14th Conference on Security and Cryptography for Networks, SCN 2024
Country/Territory	Italy
City	Amalfi
Period	11/09/24 → 13/09/24

Keywords

Block cipher
Impossible differential cryptanalysis
Raindrop

Access to Document

10.1007/978-3-031-71073-5_10

Cite this

Lu, J., & Zhang, X. (2024). Impossible Differential Cryptanalysis of the Raindrop Block Cipher. In C. Galdi, & D. H. Phan (Eds.), Security and Cryptography for Networks - 14th International Conference, SCN 2024, Proceedings (pp. 206-227). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14974 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-71073-5_10

Lu, Jiqiang ; Zhang, Xiao. / Impossible Differential Cryptanalysis of the Raindrop Block Cipher. Security and Cryptography for Networks - 14th International Conference, SCN 2024, Proceedings. editor / Clemente Galdi ; Duong Hieu Phan. Springer Science and Business Media Deutschland GmbH, 2024. pp. 206-227 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{66fb07c7fd314e7187b9a7fe60b3d46d,

title = "Impossible Differential Cryptanalysis of the Raindrop Block Cipher",

abstract = "The Raindrop block cipher is an award-winning algorithm of the recent Cryptographic Algorithm Design Competition in China. It employs a Feistel structure and has three versions Raindrop128-128, Raindrop128-256 and Raindrop256, which have a 128-bit block size with a 128- or 256-bit user key and a 256-bit block size with a 256-bit user key, respectively. In this paper, we observe that Raindrop can be transformed to an equivalent cipher with two rounds less than Raindrop (for each version), due to the position of the round key XOR operation. We also observe that when conducting impossible differential cryptanalysis of Raindrop, both inactive and active bit differences on plaintext and ciphertext as well as a few intermediate states may be exploited for some refined sorting conditions on plaintexts and ciphertexts to filter out preliminary satisfying plaintext/ciphertext pairs efficiently, and finally we exploit a few 12-round impossible differentials of Raindrop128 and Raindrop256 to make key-recovery attacks on 19-round Raindrop128-128, 21-round Raindrop128-256 and 20-round Raindrop256. Our attacks are better than any previously published cryptanalytic results on Raindrop in terms of the numbers of attacked rounds.",

keywords = "Block cipher, Impossible differential cryptanalysis, Raindrop",

author = "Jiqiang Lu and Xiao Zhang",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.; 14th Conference on Security and Cryptography for Networks, SCN 2024 ; Conference date: 11-09-2024 Through 13-09-2024",

year = "2024",

doi = "10.1007/978-3-031-71073-5\_10",

language = "英语",

isbn = "9783031710728",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "206--227",

editor = "Clemente Galdi and Phan, \{Duong Hieu\}",

booktitle = "Security and Cryptography for Networks - 14th International Conference, SCN 2024, Proceedings",

address = "德国",

}

Lu, J & Zhang, X 2024, Impossible Differential Cryptanalysis of the Raindrop Block Cipher. in C Galdi & DH Phan (eds), Security and Cryptography for Networks - 14th International Conference, SCN 2024, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 14974 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 206-227, 14th Conference on Security and Cryptography for Networks, SCN 2024, Amalfi, Italy, 11/09/24. https://doi.org/10.1007/978-3-031-71073-5_10

Impossible Differential Cryptanalysis of the Raindrop Block Cipher. / Lu, Jiqiang ; Zhang, Xiao.
Security and Cryptography for Networks - 14th International Conference, SCN 2024, Proceedings. ed. / Clemente Galdi; Duong Hieu Phan. Springer Science and Business Media Deutschland GmbH, 2024. p. 206-227 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14974 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Impossible Differential Cryptanalysis of the Raindrop Block Cipher

AU - Lu, Jiqiang

AU - Zhang, Xiao

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.

PY - 2024

Y1 - 2024

N2 - The Raindrop block cipher is an award-winning algorithm of the recent Cryptographic Algorithm Design Competition in China. It employs a Feistel structure and has three versions Raindrop128-128, Raindrop128-256 and Raindrop256, which have a 128-bit block size with a 128- or 256-bit user key and a 256-bit block size with a 256-bit user key, respectively. In this paper, we observe that Raindrop can be transformed to an equivalent cipher with two rounds less than Raindrop (for each version), due to the position of the round key XOR operation. We also observe that when conducting impossible differential cryptanalysis of Raindrop, both inactive and active bit differences on plaintext and ciphertext as well as a few intermediate states may be exploited for some refined sorting conditions on plaintexts and ciphertexts to filter out preliminary satisfying plaintext/ciphertext pairs efficiently, and finally we exploit a few 12-round impossible differentials of Raindrop128 and Raindrop256 to make key-recovery attacks on 19-round Raindrop128-128, 21-round Raindrop128-256 and 20-round Raindrop256. Our attacks are better than any previously published cryptanalytic results on Raindrop in terms of the numbers of attacked rounds.

AB - The Raindrop block cipher is an award-winning algorithm of the recent Cryptographic Algorithm Design Competition in China. It employs a Feistel structure and has three versions Raindrop128-128, Raindrop128-256 and Raindrop256, which have a 128-bit block size with a 128- or 256-bit user key and a 256-bit block size with a 256-bit user key, respectively. In this paper, we observe that Raindrop can be transformed to an equivalent cipher with two rounds less than Raindrop (for each version), due to the position of the round key XOR operation. We also observe that when conducting impossible differential cryptanalysis of Raindrop, both inactive and active bit differences on plaintext and ciphertext as well as a few intermediate states may be exploited for some refined sorting conditions on plaintexts and ciphertexts to filter out preliminary satisfying plaintext/ciphertext pairs efficiently, and finally we exploit a few 12-round impossible differentials of Raindrop128 and Raindrop256 to make key-recovery attacks on 19-round Raindrop128-128, 21-round Raindrop128-256 and 20-round Raindrop256. Our attacks are better than any previously published cryptanalytic results on Raindrop in terms of the numbers of attacked rounds.

KW - Block cipher

KW - Impossible differential cryptanalysis

KW - Raindrop

UR - https://www.scopus.com/pages/publications/85204918321

U2 - 10.1007/978-3-031-71073-5_10

DO - 10.1007/978-3-031-71073-5_10

M3 - 会议稿件

AN - SCOPUS:85204918321

SN - 9783031710728

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 206

EP - 227

BT - Security and Cryptography for Networks - 14th International Conference, SCN 2024, Proceedings

A2 - Galdi, Clemente

A2 - Phan, Duong Hieu

PB - Springer Science and Business Media Deutschland GmbH

T2 - 14th Conference on Security and Cryptography for Networks, SCN 2024

Y2 - 11 September 2024 through 13 September 2024

ER -

Lu J , Zhang X. Impossible Differential Cryptanalysis of the Raindrop Block Cipher. In Galdi C, Phan DH, editors, Security and Cryptography for Networks - 14th International Conference, SCN 2024, Proceedings. Springer Science and Business Media Deutschland GmbH. 2024. p. 206-227. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-71073-5_10