Conditional Differential Cryptanalysis of Trivium and KATAN

Simon Knellwolf, Willi Meier, and María Naya-Plasencia

Selected Areas in Cryptography, Lecture Notes in Computer Science, Springer, vol. 7118, pp. 200-212, 2011.

The concept of conditional differential cryptanalysis has been applied to NLFSR-based cryptosystems at ASIACRYPT 2010. We improve the technique by using automatic tools to find and analyze the involved conditions. Using these improvements we cryptanalyze the stream cipher Trivium and the KATAN family of lightweight block ciphers. For both ciphers we obtain new cryptanalytic results. For reduced variants of Trivium we obtain a class of weak keys that can be practically distinguished up to 961 of 1152 rounds. For the KATAN family we focus on its security in the related-key scenario and obtain practical key-recovery attacks for 120, 103 and 90 of 254 rounds of KATAN32, KATAN48 and KATAN64, respectively.

BibTeX Citation

@inproceedings{KnMePl11,
    author       = {Simon Knellwolf and Willi Meier and María Naya-Plasencia},
    title        = {Conditional Differential Cryptanalysis of Trivium and KATAN},
    editor       = {Ali Miri and Serge Vaudenay},
    booktitle    = {Selected Areas in Cryptography},
    pages        = {200-212},
    series       = {Lecture Notes in Computer Science},
    volume       = {7118},
    year         = {2011},
    publisher    = {Springer},
}