Cameron McDonald

Truncated Differential Analysis of Reduced-Round LBlock

In this paper we present truncated differential analysis of reduced-round LBlock by computing the differential distribution of every nibble of the state. LLR statistical test is used as a tool to apply the distinguishing and key-recovery attacks. To build the distinguisher, all possible differences are traced through the cipher and the truncated differential probability distribution is determined for every output nibble. We concatenate additional rounds to the beginning and end of the truncated differential distribution to apply the key-recovery attack. By exploiting properties of the key schedule, we obtain a large overlap of key bits used in the beginning and final rounds. This allows us to significantly increase the differential probabilities and hence reduce the attack complexity. We validate the analysis by implementing the attack on LBlock reduced to 12 rounds. Finally, we apply single-key and related-key attacks on 18 and 21-round LBlock, respectively.

Specification for NLSv2

NLSv2 is a synchronous stream cipher with message authentication functionality, submitted to the ECrypt Network of Excellence call for stream cipher primitives, profile 1A. NLSv2 is an updated version of NLS [19]. The minor change between NLS and NLSv2 increases resistance to attacks utilizing large amounts of keystream. NLS stands for Non-Linear SOBER, and the NLS ciphers are members of the SOBER family of stream ciphers [12],[16],[23] and [24].