TY - GEN
T1 - Distinguishing Attack on XO-64
AU - Phuc, Tran Song Dat
AU - Lee, Changhoon
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/4/19
Y1 - 2016/4/19
N2 - XO-64 block cipher provides a high performance with small hardware requirement in implementation. It is designed in improvement of high applicability, high flexibility, and high reliability in fast and efficient telecommunication system, based on conception of data-dependent operation (DDO); same as some other ciphers MD-64, KT-64, Eagle-64, Eagle-128.; and substitution permutation network (SPN). Besides achieving high-speed rate in FPGA devices, this cipher also shows high secure against known attacks, such as differential attack, linear attack. In this paper, by constructing related-key differential characteristics with high probability on 6-round reduced XO-64, we explore the possibility to distinguish between a 6-round reduced XO-64 and a 64-bit random permutation. A distinguishing attack on a 6-round reduced XO-64 is proposed, requires complexities of 244 in data, 247 in memory, and 265 in computation time. In future, our attack method is expected to extend to related-key recovery attack on this cipher algorithm, and other ciphers with same type of structure designs so far.
AB - XO-64 block cipher provides a high performance with small hardware requirement in implementation. It is designed in improvement of high applicability, high flexibility, and high reliability in fast and efficient telecommunication system, based on conception of data-dependent operation (DDO); same as some other ciphers MD-64, KT-64, Eagle-64, Eagle-128.; and substitution permutation network (SPN). Besides achieving high-speed rate in FPGA devices, this cipher also shows high secure against known attacks, such as differential attack, linear attack. In this paper, by constructing related-key differential characteristics with high probability on 6-round reduced XO-64, we explore the possibility to distinguish between a 6-round reduced XO-64 and a 64-bit random permutation. A distinguishing attack on a 6-round reduced XO-64 is proposed, requires complexities of 244 in data, 247 in memory, and 265 in computation time. In future, our attack method is expected to extend to related-key recovery attack on this cipher algorithm, and other ciphers with same type of structure designs so far.
KW - Block cipher
KW - Cryptanalysis
KW - Cryptography
KW - Data-dependent Operation (DDO)
KW - Distinguishing Attack
KW - Substitution Permutation Network (SPN)
KW - XO-64
UR - http://www.scopus.com/inward/record.url?scp=84968665555&partnerID=8YFLogxK
U2 - 10.1109/PlatCon.2016.7456794
DO - 10.1109/PlatCon.2016.7456794
M3 - Conference contribution
AN - SCOPUS:84968665555
T3 - 2016 International Conference on Platform Technology and Service, PlatCon 2016 - Proceedings
BT - 2016 International Conference on Platform Technology and Service, PlatCon 2016 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 3rd International Conference on Platform Technology and Service, PlatCon 2016
Y2 - 15 February 2016 through 17 February 2016
ER -