Related-Key Differential Attack on Round-Reduced Bel-T-256

Ahmed ABDELKHALEK; Mohamed TOLBA; Amr M. YOUSSEF

doi:10.1587/transfun.E101.A.859

Related-Key Differential Attack on Round-Reduced Bel-T-256

Ahmed ABDELKHALEK, Mohamed TOLBA, Amr M. YOUSSEF

Full Text Views

0

Share
Cite this

Summary :

Bel-T is the national block cipher encryption standard of the Republic of Belarus. It operates on 128-bit blocks and uses either 128, 192 or 256-bit keys. Bel-T combines a Feistel network with a Lai-Massey scheme and it has a complex round function with 7 S-box layers. In this work, we use a Mixed Integer Linear Programming (MILP) approach to find a a related-key differential characteristic that extends for 4 rounds and 5 S-box layers ($4 rac{5}{7}$ rounds) with probability higher than 2^-128. To build an MILP model of Bel-T that a solver can practically handle, we use a partial Difference Distribution Table (DDT) based on the Hamming weight of the input and output differences. The identified differential characteristic is used to mount a key recovery attack on 5 rounds and 6 S-box layers ($5 rac{6}{7}$ out of 8 rounds) of Bel-T-256 with 2^123.28 chosen plaintexts and 2^228.4 encryptions. According to the best of our knowledge, this is the first public cryptanalysis of Bel-T in the black-box attack model.

Publication: IEICE TRANSACTIONS on Fundamentals Vol.E101-A No.5 pp.859-862

Publication Date: 2018/05/01

Publicized

Online ISSN: 1745-1337

DOI: 10.1587/transfun.E101.A.859

Type of Manuscript: LETTER

Category: Cryptography and Information Security

Authors

Ahmed ABDELKHALEK
  Concordia University
Mohamed TOLBA
  Concordia University
Amr M. YOUSSEF
  Concordia University

Keyword

Cite this

Copy

Ahmed ABDELKHALEK, Mohamed TOLBA, Amr M. YOUSSEF, "Related-Key Differential Attack on Round-Reduced Bel-T-256" in IEICE TRANSACTIONS on Fundamentals, vol. E101-A, no. 5, pp. 859-862, May 2018, doi: 10.1587/transfun.E101.A.859.
Abstract: Bel-T is the national block cipher encryption standard of the Republic of Belarus. It operates on 128-bit blocks and uses either 128, 192 or 256-bit keys. Bel-T combines a Feistel network with a Lai-Massey scheme and it has a complex round function with 7 S-box layers. In this work, we use a Mixed Integer Linear Programming (MILP) approach to find a a related-key differential characteristic that extends for 4 rounds and 5 S-box layers ($4 rac{5}{7}$ rounds) with probability higher than 2^-128. To build an MILP model of Bel-T that a solver can practically handle, we use a partial Difference Distribution Table (DDT) based on the Hamming weight of the input and output differences. The identified differential characteristic is used to mount a key recovery attack on 5 rounds and 6 S-box layers ($5 rac{6}{7}$ out of 8 rounds) of Bel-T-256 with 2^123.28 chosen plaintexts and 2^228.4 encryptions. According to the best of our knowledge, this is the first public cryptanalysis of Bel-T in the black-box attack model.
URL: https://globals.ieice.org/en_transactions/fundamentals/10.1587/transfun.E101.A.859/_p

Copy

@ARTICLE{e101-a_5_859,
author={Ahmed ABDELKHALEK, Mohamed TOLBA, Amr M. YOUSSEF, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Related-Key Differential Attack on Round-Reduced Bel-T-256},
year={2018},
volume={E101-A},
number={5},
pages={859-862},
abstract={Bel-T is the national block cipher encryption standard of the Republic of Belarus. It operates on 128-bit blocks and uses either 128, 192 or 256-bit keys. Bel-T combines a Feistel network with a Lai-Massey scheme and it has a complex round function with 7 S-box layers. In this work, we use a Mixed Integer Linear Programming (MILP) approach to find a a related-key differential characteristic that extends for 4 rounds and 5 S-box layers ($4 rac{5}{7}$ rounds) with probability higher than 2^-128. To build an MILP model of Bel-T that a solver can practically handle, we use a partial Difference Distribution Table (DDT) based on the Hamming weight of the input and output differences. The identified differential characteristic is used to mount a key recovery attack on 5 rounds and 6 S-box layers ($5 rac{6}{7}$ out of 8 rounds) of Bel-T-256 with 2^123.28 chosen plaintexts and 2^228.4 encryptions. According to the best of our knowledge, this is the first public cryptanalysis of Bel-T in the black-box attack model.},
keywords={},
doi={10.1587/transfun.E101.A.859},
ISSN={1745-1337},
month={May},}

Copy

TY - JOUR
TI - Related-Key Differential Attack on Round-Reduced Bel-T-256
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 859
EP - 862
AU - Ahmed ABDELKHALEK
AU - Mohamed TOLBA
AU - Amr M. YOUSSEF
PY - 2018
DO - 10.1587/transfun.E101.A.859
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E101-A
IS - 5
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - May 2018
AB - Bel-T is the national block cipher encryption standard of the Republic of Belarus. It operates on 128-bit blocks and uses either 128, 192 or 256-bit keys. Bel-T combines a Feistel network with a Lai-Massey scheme and it has a complex round function with 7 S-box layers. In this work, we use a Mixed Integer Linear Programming (MILP) approach to find a a related-key differential characteristic that extends for 4 rounds and 5 S-box layers ($4 rac{5}{7}$ rounds) with probability higher than 2^-128. To build an MILP model of Bel-T that a solver can practically handle, we use a partial Difference Distribution Table (DDT) based on the Hamming weight of the input and output differences. The identified differential characteristic is used to mount a key recovery attack on 5 rounds and 6 S-box layers ($5 rac{6}{7}$ out of 8 rounds) of Bel-T-256 with 2^123.28 chosen plaintexts and 2^228.4 encryptions. According to the best of our knowledge, this is the first public cryptanalysis of Bel-T in the black-box attack model.
ER -