IACR News item: 19 March 2015
Alex Biryukov, Patrick Derbez, Léo Perrin
ePrint Reportstructure. We first present two new attacks on TWINE-128
reduced to 25 rounds that have a slightly higher overall complexity than the 25-round attack presented by Wang and Wu at ACISP 2014, but a lower data complexity.
Then, we introduce alternative representations of both the round
function of this block cipher and of a sequence of 4 rounds. LBlock,
another lightweight block cipher, turns out to exhibit the same
behaviour. Then, we illustrate how this alternative representation
can shed new light on the security of TWINE by deriving high
probability iterated truncated differential trails covering 4 rounds
with probability $2^{-16}$.
The importance of these is shown by combining different
truncated differential trails to attack 23-rounds TWINE-128 and by
giving a tighter lower bound on the high probability of some
differentials by clustering differential characteristics following
one of these truncated trails. A comparison between these high
probability differentials and those recently found in a variant of
LBlock by Leurent highlights the importance of considering the whole
distribution of the coefficients in the difference distribution
table of a S-Box and not only their maximum value.
Additional news items may be found on the IACR news page.