Impossible Differential Cryptanalysis of the Raindrop Block Cipher

Jiqiang Lu; Xiao Zhang

doi:10.1007/978-3-031-71073-5_10

Impossible Differential Cryptanalysis of the Raindrop Block Cipher

Jiqiang Lu^*
, Xiao Zhang

^*此作品的通讯作者

State Key Laboratory of Cryptology

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

摘要

The Raindrop block cipher is an award-winning algorithm of the recent Cryptographic Algorithm Design Competition in China. It employs a Feistel structure and has three versions Raindrop128-128, Raindrop128-256 and Raindrop256, which have a 128-bit block size with a 128- or 256-bit user key and a 256-bit block size with a 256-bit user key, respectively. In this paper, we observe that Raindrop can be transformed to an equivalent cipher with two rounds less than Raindrop (for each version), due to the position of the round key XOR operation. We also observe that when conducting impossible differential cryptanalysis of Raindrop, both inactive and active bit differences on plaintext and ciphertext as well as a few intermediate states may be exploited for some refined sorting conditions on plaintexts and ciphertexts to filter out preliminary satisfying plaintext/ciphertext pairs efficiently, and finally we exploit a few 12-round impossible differentials of Raindrop128 and Raindrop256 to make key-recovery attacks on 19-round Raindrop128-128, 21-round Raindrop128-256 and 20-round Raindrop256. Our attacks are better than any previously published cryptanalytic results on Raindrop in terms of the numbers of attacked rounds.

源语言	英语
主期刊名	Security and Cryptography for Networks - 14th International Conference, SCN 2024, Proceedings
编辑	Clemente Galdi, Duong Hieu Phan
出版商	Springer Science and Business Media Deutschland GmbH
页	206-227
页数	22
ISBN（印刷版）	9783031710728
DOI	https://doi.org/10.1007/978-3-031-71073-5_10
出版状态	已出版 - 2024
活动	14th Conference on Security and Cryptography for Networks, SCN 2024 - Amalfi, 意大利期限: 11 9月 2024 → 13 9月 2024

出版系列

姓名	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
卷	14974 LNCS
ISSN（印刷版）	0302-9743
ISSN（电子版）	1611-3349

会议

会议	14th Conference on Security and Cryptography for Networks, SCN 2024
国家/地区	意大利
市	Amalfi
时期	11/09/24 → 13/09/24

访问文件

10.1007/978-3-031-71073-5_10

其它文件与链接

链接到 Scopus 的出版物

引用此

Lu, J., & Zhang, X. (2024). Impossible Differential Cryptanalysis of the Raindrop Block Cipher. 在 C. Galdi, & D. H. Phan (编辑), Security and Cryptography for Networks - 14th International Conference, SCN 2024, Proceedings (页码 206-227). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 14974 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-71073-5_10

Lu, Jiqiang ; Zhang, Xiao. / Impossible Differential Cryptanalysis of the Raindrop Block Cipher. Security and Cryptography for Networks - 14th International Conference, SCN 2024, Proceedings. 编辑 / Clemente Galdi ; Duong Hieu Phan. Springer Science and Business Media Deutschland GmbH, 2024. 页码 206-227 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{66fb07c7fd314e7187b9a7fe60b3d46d,

title = "Impossible Differential Cryptanalysis of the Raindrop Block Cipher",

abstract = "The Raindrop block cipher is an award-winning algorithm of the recent Cryptographic Algorithm Design Competition in China. It employs a Feistel structure and has three versions Raindrop128-128, Raindrop128-256 and Raindrop256, which have a 128-bit block size with a 128- or 256-bit user key and a 256-bit block size with a 256-bit user key, respectively. In this paper, we observe that Raindrop can be transformed to an equivalent cipher with two rounds less than Raindrop (for each version), due to the position of the round key XOR operation. We also observe that when conducting impossible differential cryptanalysis of Raindrop, both inactive and active bit differences on plaintext and ciphertext as well as a few intermediate states may be exploited for some refined sorting conditions on plaintexts and ciphertexts to filter out preliminary satisfying plaintext/ciphertext pairs efficiently, and finally we exploit a few 12-round impossible differentials of Raindrop128 and Raindrop256 to make key-recovery attacks on 19-round Raindrop128-128, 21-round Raindrop128-256 and 20-round Raindrop256. Our attacks are better than any previously published cryptanalytic results on Raindrop in terms of the numbers of attacked rounds.",

keywords = "Block cipher, Impossible differential cryptanalysis, Raindrop",

author = "Jiqiang Lu and Xiao Zhang",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.; 14th Conference on Security and Cryptography for Networks, SCN 2024 ; Conference date: 11-09-2024 Through 13-09-2024",

year = "2024",

doi = "10.1007/978-3-031-71073-5\_10",

language = "英语",

isbn = "9783031710728",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "206--227",

editor = "Clemente Galdi and Phan, \{Duong Hieu\}",

booktitle = "Security and Cryptography for Networks - 14th International Conference, SCN 2024, Proceedings",

address = "德国",

}

Lu, J & Zhang, X 2024, Impossible Differential Cryptanalysis of the Raindrop Block Cipher. 在 C Galdi & DH Phan (编辑), Security and Cryptography for Networks - 14th International Conference, SCN 2024, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 卷 14974 LNCS, Springer Science and Business Media Deutschland GmbH, 页码 206-227, 14th Conference on Security and Cryptography for Networks, SCN 2024, Amalfi, 意大利, 11/09/24. https://doi.org/10.1007/978-3-031-71073-5_10

Impossible Differential Cryptanalysis of the Raindrop Block Cipher. / Lu, Jiqiang ; Zhang, Xiao.
Security and Cryptography for Networks - 14th International Conference, SCN 2024, Proceedings. 编辑 / Clemente Galdi; Duong Hieu Phan. Springer Science and Business Media Deutschland GmbH, 2024. 页码 206-227 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 14974 LNCS).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - Impossible Differential Cryptanalysis of the Raindrop Block Cipher

AU - Lu, Jiqiang

AU - Zhang, Xiao

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.

PY - 2024

Y1 - 2024

N2 - The Raindrop block cipher is an award-winning algorithm of the recent Cryptographic Algorithm Design Competition in China. It employs a Feistel structure and has three versions Raindrop128-128, Raindrop128-256 and Raindrop256, which have a 128-bit block size with a 128- or 256-bit user key and a 256-bit block size with a 256-bit user key, respectively. In this paper, we observe that Raindrop can be transformed to an equivalent cipher with two rounds less than Raindrop (for each version), due to the position of the round key XOR operation. We also observe that when conducting impossible differential cryptanalysis of Raindrop, both inactive and active bit differences on plaintext and ciphertext as well as a few intermediate states may be exploited for some refined sorting conditions on plaintexts and ciphertexts to filter out preliminary satisfying plaintext/ciphertext pairs efficiently, and finally we exploit a few 12-round impossible differentials of Raindrop128 and Raindrop256 to make key-recovery attacks on 19-round Raindrop128-128, 21-round Raindrop128-256 and 20-round Raindrop256. Our attacks are better than any previously published cryptanalytic results on Raindrop in terms of the numbers of attacked rounds.

AB - The Raindrop block cipher is an award-winning algorithm of the recent Cryptographic Algorithm Design Competition in China. It employs a Feistel structure and has three versions Raindrop128-128, Raindrop128-256 and Raindrop256, which have a 128-bit block size with a 128- or 256-bit user key and a 256-bit block size with a 256-bit user key, respectively. In this paper, we observe that Raindrop can be transformed to an equivalent cipher with two rounds less than Raindrop (for each version), due to the position of the round key XOR operation. We also observe that when conducting impossible differential cryptanalysis of Raindrop, both inactive and active bit differences on plaintext and ciphertext as well as a few intermediate states may be exploited for some refined sorting conditions on plaintexts and ciphertexts to filter out preliminary satisfying plaintext/ciphertext pairs efficiently, and finally we exploit a few 12-round impossible differentials of Raindrop128 and Raindrop256 to make key-recovery attacks on 19-round Raindrop128-128, 21-round Raindrop128-256 and 20-round Raindrop256. Our attacks are better than any previously published cryptanalytic results on Raindrop in terms of the numbers of attacked rounds.

KW - Block cipher

KW - Impossible differential cryptanalysis

KW - Raindrop

UR - https://www.scopus.com/pages/publications/85204918321

U2 - 10.1007/978-3-031-71073-5_10

DO - 10.1007/978-3-031-71073-5_10

M3 - 会议稿件

AN - SCOPUS:85204918321

SN - 9783031710728

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 206

EP - 227

BT - Security and Cryptography for Networks - 14th International Conference, SCN 2024, Proceedings

A2 - Galdi, Clemente

A2 - Phan, Duong Hieu

PB - Springer Science and Business Media Deutschland GmbH

T2 - 14th Conference on Security and Cryptography for Networks, SCN 2024

Y2 - 11 September 2024 through 13 September 2024

ER -

Lu J , Zhang X. Impossible Differential Cryptanalysis of the Raindrop Block Cipher. 在 Galdi C, Phan DH, 编辑, Security and Cryptography for Networks - 14th International Conference, SCN 2024, Proceedings. Springer Science and Business Media Deutschland GmbH. 2024. 页码 206-227. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-71073-5_10

Impossible Differential Cryptanalysis of the Raindrop Block Cipher

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此