Ferhat Karakoç

Biclique Cryptanalysis of TWINE

TWINE is a lightweight block cipher firstly proposed at ECRYPT Workshop on Lightweight Cryptography 2011 and then presented at the Conference on Selected Areas in Cryptography 2012. The cipher consists of 36 rounds and has two versions TWINE-80 and TWINE-128 supporting key lengths of 80 and 128 bits, respectively. The block length of the two versions is 64-bit. In this paper, we present the first single-key attacks on both the versions of the cipher. In these attacks, we use the recently developed biclique technique. The complexities of the attacks on TWINE-80 and TWINE-128 are 279.10 and 2126.82 respectively and the data requirement for the two attacks is 260.

ITUbee: A Software Oriented Lightweight Block Cipher

In this paper, we propose a software oriented lightweight block cipher, ITUbee. The cipher is especially suitable for resource constrained devices including an 8-bit microcontroller such as sensor nodes in wireless sensor networks. For a sensor node one of the most important constraints is the low energy consumption because of the limited battery power. Also, the memory on sensor nodes are restricted. We have simulated the performance of ITUbee in the AVR ATtiny45 microcontroller using the integrated development platform Atmel Studio 6. We have evaluated the memory usage and clock cycles needed for an encryption. The number of clock cycles gives a metric for energy consumption. The simulation results show that ITUbee is a competitive block cipher on 8-bit software platforms in terms of energy consumption. Also, less memory requirement of the cipher is remarkable. In addition, we have shown that the attacks which are effective on software oriented lightweight block ciphers can not reduce the 80-bit security level of ITUbee.

Impossible differential cryptanalysis of reduced-round LBlock

In this paper, we improve the impossible differential attack on 20-round LBlock given in the design paper of the LBlock cipher. Using relations between the round keys we attack on 21-round and 22-round LBlock with a complexity of 269.5 and 279.28 encryptions respectively. We use the same 14-round impossible differential characteristic observed by the designers to attack on 21 rounds and another 14-round impossible differential characteristic to attack on 22 rounds of LBlock.

Biclique cryptanalysis of LBlock and TWINE

Abstract LBlock and TWINE are two lightweight block ciphers recently designed for tiny computing devices, such as RFID tags and sensor network nodes. Both of the algorithms have a generalized Feistel structure with a block size of 64 bits. LBlock consists of 32 rounds and supports a key length of 80 bits while TWINE consists of 36 rounds and supports key lengths of 80 and 120 bits. In this paper, we present attacks on different number of rounds of these lightweight block ciphers by using the biclique cryptanalysis technique recently developed for cryptanalysis of the hash functions Skein-512 and SHA-2 and the Advanced Encryption Standard. Applying this technique on full LBlock we have a slight improvement over the brute force attack while the biclique cryptanalysis of full TWINE has already been proposed.

Multidimensional Meet-in-the-Middle Attacks on Reduced-Round TWINE-128

TWINE is a lightweight block cipher designed for multiple platforms and was proposed at Selected Areas in Cryptography, 2012. The number of rounds of TWINE is 36 and the most powerful attack given by the designers is the impossible differential attack against 24 rounds of TWINE-128 whose time complexity is 2115.10 encryptions and data complexity is 252.21 blocks. The best attack known so far is the biclique attack on the full round cipher with a time complexity of 2126.82 and data complexity of 260. However the time complexity of biclique attack is near exhaustive search and data needed for the attack is near the whole codebook.

Fixed Points of Special Type and Cryptanalysis of Full GOST

GOST, the Russian encryption standard, is a block cipher of 64-bit block and 256-bit key size and consists of 32 rounds. In this work, we show that the probability that the GOST permutations produced through random keys have at least one fixed point and exactly two fixed points of special type are twice and five times more than those of random permutations respectively. We utilize this property of GOST to mount a new reflection attack on full GOST.

AKF: A key alternating Feistel scheme for lightweight cipher designs

Abstract In the classical Feistel structure the usage of alternating keys makes the cipher insecure against the related key attacks. In this work, we propose a new block cipher scheme, AKF, based on a Feistel structure with alternating keys but resistant against related key attacks. AKF leads constructions of lightweight block ciphers suitable for resource restricted devices such as RFID tags and wireless sensor nodes. Using AKF we also present a software oriented lightweight block cipher, ITUbee , especially suitable for wireless sensor nodes. We show that ITUbee has a better performance than most of the ciphers which were compared in a recent work.