
Yoyo attack on 4-round Lai-Massey scheme with secret round functions

Published in Designs, Codes and Cryptography.

Abstract

In this study, we present the first yoyo attack that recovers the secret round functions of the 4-round Lai-Massey scheme with an affine orthomorphism. We first mount a yoyo attack on the 3-round Lai-Massey scheme. However, the original method for constructing plaintext equations is not sufficiently effective. To solve this problem, we partition the ciphertext and plaintext spaces into \(2^{n}\) subsets, which provides a fresh perspective on our yoyo attack. From this perspective, our study presents two improvements. The first is an improved yoyo game in which the established ciphertext pool significantly narrows the search for good pairs compared with random selection, and the inserted filter eliminates all wrong pairs using simple XOR calculations. Consequently, the yoyo game reduces the complexity of finding good pairs, and we avoid the cost of solving equations generated from wrong pairs. The second is a valid method for solving the equations, which reduces the number of yoyos required to recover the first-round function. After removing the first round, the look-up tables of the remaining two round functions of the 3-round Lai-Massey scheme can be retrieved by choosing the inputs and reading the outputs. On the basis of this attack, we mount a yoyo attack on the 4-round Lai-Massey scheme to recover the fourth-round function and then apply the above attack to the remaining three rounds. In total, the complete recovery of the 4-round Lai-Massey scheme requires time complexity \(O(k_{1}2^{2n})\) and memory \(O(2^{2n})\), where \(n\le k_{1}<2^{n}\).



Data Availability

Data availability is not applicable to this article as no new data were created or analyzed in this study.


Acknowledgements

The authors thank the anonymous reviewers for their comments.

Funding

This work was supported by National Natural Science Foundation of China (No. 62372157).

Author information

Corresponding author

Correspondence to Le Dong.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Additional information

Communicated by M. Eichlseder.


About this article


Cite this article

Dong, L., Zhang, D., Li, W. et al. Yoyo attack on 4-round Lai-Massey scheme with secret round functions. Des. Codes Cryptogr. (2024). https://doi.org/10.1007/s10623-024-01408-8


  • DOI: https://doi.org/10.1007/s10623-024-01408-8
