Cube attacks on round-reduced TinyJAMBU
Abstract Lightweight cryptography has recently gained importance as the number of Internet of things (IoT) devices connected to Internet grows. Its main goal is to provide cryptographic algorithms that can be run efficiently in resource-limited environments such as IoT. To meet the challenge, the Na...
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Nature Portfolio
2022-03-01
|
| Series: | Scientific Reports |
| Online Access: | https://doi.org/10.1038/s41598-022-09004-3 |
| _version_ | 1819052071109787648 |
|---|---|
| author | Wil Liam Teng Iftekhar Salam Wei-Chuen Yau Josef Pieprzyk Raphaël C.-W. Phan |
| author_facet | Wil Liam Teng Iftekhar Salam Wei-Chuen Yau Josef Pieprzyk Raphaël C.-W. Phan |
| author_sort | Wil Liam Teng |
| collection | DOAJ |
| description | Abstract Lightweight cryptography has recently gained importance as the number of Internet of things (IoT) devices connected to Internet grows. Its main goal is to provide cryptographic algorithms that can be run efficiently in resource-limited environments such as IoT. To meet the challenge, the National Institute of Standards and Technology (NIST) announced the Lightweight Cryptography (LWC) project. One of the finalists of the project is the TinyJAMBU cipher. This work evaluates the security of the cipher. The tool used for the evaluation is the cube attack. We present five distinguishing attacks DA1–DA5 and two key recovery attacks KRA1–KRA2. The first two distinguishing attacks (DA1 and DA2) are launched against the initialisation phase of the cipher. The best result achieved for the attacks is a distinguisher for an 18-bit cube, where the cipher variant consists of the full initialisation phase together with 438 rounds of the encryption phase. The key recovery attacks (KRA1 and KRA2) are also launched against the initialisation phase of the cipher. The best key recovery attack can be applied for a cipher variant that consists of the full initialisation phase together with 428 rounds of the encryption phase. The attacks DA3–DA5 present a collection of distinguishers up to 437 encryption rounds, whose 32-bit cubes are chosen from the plaintext, nonce, or associated data bits. The results are confirmed experimentally. A conclusion from the work is that TinyJAMBU has a better security margin against cube attacks than claimed by the designers. |
| first_indexed | 2024-12-21T12:14:00Z |
| format | Article |
| id | doaj.art-323bd88f7ce346038ce1dab89e0aeac1 |
| institution | Directory Open Access Journal |
| issn | 2045-2322 |
| language | English |
| last_indexed | 2024-12-21T12:14:00Z |
| publishDate | 2022-03-01 |
| publisher | Nature Portfolio |
| record_format | Article |
| series | Scientific Reports |
| spelling | doaj.art-323bd88f7ce346038ce1dab89e0aeac12022-12-21T19:04:30ZengNature PortfolioScientific Reports2045-23222022-03-0112111310.1038/s41598-022-09004-3Cube attacks on round-reduced TinyJAMBUWil Liam Teng0Iftekhar Salam1Wei-Chuen Yau2Josef Pieprzyk3Raphaël C.-W. Phan4School of Computing and Data Science, Xiamen University MalaysiaSchool of Computing and Data Science, Xiamen University MalaysiaSchool of Computing and Data Science, Xiamen University MalaysiaData61, Commonwealth Scientific and Industrial Research OrganisationSchool of IT, Monash UniversityAbstract Lightweight cryptography has recently gained importance as the number of Internet of things (IoT) devices connected to Internet grows. Its main goal is to provide cryptographic algorithms that can be run efficiently in resource-limited environments such as IoT. To meet the challenge, the National Institute of Standards and Technology (NIST) announced the Lightweight Cryptography (LWC) project. One of the finalists of the project is the TinyJAMBU cipher. This work evaluates the security of the cipher. The tool used for the evaluation is the cube attack. We present five distinguishing attacks DA1–DA5 and two key recovery attacks KRA1–KRA2. The first two distinguishing attacks (DA1 and DA2) are launched against the initialisation phase of the cipher. The best result achieved for the attacks is a distinguisher for an 18-bit cube, where the cipher variant consists of the full initialisation phase together with 438 rounds of the encryption phase. The key recovery attacks (KRA1 and KRA2) are also launched against the initialisation phase of the cipher. The best key recovery attack can be applied for a cipher variant that consists of the full initialisation phase together with 428 rounds of the encryption phase. The attacks DA3–DA5 present a collection of distinguishers up to 437 encryption rounds, whose 32-bit cubes are chosen from the plaintext, nonce, or associated data bits. The results are confirmed experimentally. A conclusion from the work is that TinyJAMBU has a better security margin against cube attacks than claimed by the designers.https://doi.org/10.1038/s41598-022-09004-3 |
| spellingShingle | Wil Liam Teng Iftekhar Salam Wei-Chuen Yau Josef Pieprzyk Raphaël C.-W. Phan Cube attacks on round-reduced TinyJAMBU Scientific Reports |
| title | Cube attacks on round-reduced TinyJAMBU |
| title_full | Cube attacks on round-reduced TinyJAMBU |
| title_fullStr | Cube attacks on round-reduced TinyJAMBU |
| title_full_unstemmed | Cube attacks on round-reduced TinyJAMBU |
| title_short | Cube attacks on round-reduced TinyJAMBU |
| title_sort | cube attacks on round reduced tinyjambu |
| url | https://doi.org/10.1038/s41598-022-09004-3 |
| work_keys_str_mv | AT williamteng cubeattacksonroundreducedtinyjambu AT iftekharsalam cubeattacksonroundreducedtinyjambu AT weichuenyau cubeattacksonroundreducedtinyjambu AT josefpieprzyk cubeattacksonroundreducedtinyjambu AT raphaelcwphan cubeattacksonroundreducedtinyjambu |