SAND-128 is an AND-RX-based Feistel cipher proposed by Chen et al. (Designs, Codes and Cryptography 2022). This paper evaluates the security of the lightweight block cipher SAND-128 against impossible differential attacks. We use the bit-level Constraint Programming (CP) model proposed by Hadipour et al., which enables an automatic search for impossible differential distinguishers without requiring fixed input/output differences. Applying this model, we identified \(2^{14} \times 7 = 114,688\) distinguishers over 14 rounds. Using one of them, and following the complexity framework established by Boura et al., we show a 21-round key-recovery attack on SAND-128 with data, time, and memory complexities of \(2^{126}\) , \(2^{126.33}\) , and \(2^{122}\) respectively.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Impossible Differential Attack on SAND-128

  • Nobuyuki Sugio

摘要

SAND-128 is an AND-RX-based Feistel cipher proposed by Chen et al. (Designs, Codes and Cryptography 2022). This paper evaluates the security of the lightweight block cipher SAND-128 against impossible differential attacks. We use the bit-level Constraint Programming (CP) model proposed by Hadipour et al., which enables an automatic search for impossible differential distinguishers without requiring fixed input/output differences. Applying this model, we identified \(2^{14} \times 7 = 114,688\) distinguishers over 14 rounds. Using one of them, and following the complexity framework established by Boura et al., we show a 21-round key-recovery attack on SAND-128 with data, time, and memory complexities of \(2^{126}\) , \(2^{126.33}\) , and \(2^{122}\) respectively.