By Topic

The Diffusion Properties of KATAN32 Block Cipher and Meet in the Middle Attack on KATAN32

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Changyong Peng ; Dept. of Network Eng., Zhengzhou Inf. Sci. & Technol. Inst., Zhengzhou, China ; Yuefei Zhu

This paper presents the first results on the diffusion properties of KATAN32 [1] Block Cipher accepting a key of 80 bits, a block length of 32 bits and a round number of 254. By using the symbolic computation software Mathematica 7.0, this paper gets the algebraic expressions of the internal state bits of KATAN32 with a reduced round number as the Boolean functions of the plaintext bits and the key bits. The results are as follows: Any of the 32 internal state bits between round 1 and 52 depends on at most 79 bits of the 80 key bits, Any of the 32 internal state bits between round 1 and 20 depends on at most 31 bits of the 32 plaintext bits, The 19th bit of the internal state bits after round 39 is independent on the 14th plaintext bit, which means that it is not until 40 rounds that the 32 plaintext bits will diffuse to each internal state bits, The 19th bit of the internal state bits after round 73 is independent on the 80th key bit, which means that it is not until 74 rounds that the 80 key bits will diffuse to each internal state bits. This paper also gets the algebraic expressions of some of the internal state bits of KATAN32 as the Boolean functions of the cipher text bits and the key bits. As an application, this paper sets up an equation system over GF(2) of KATAN32 of reduced round number 42 by the method of meet in the middle attack, which is the first meet in the middle attack on KATAN32. With 3 known plaintexts the equation system is solved by finding the Gröbner basis of the equation system by Magma 2.17-5 [2]. Thus the 80 bits master keys are recovered.

Published in:

Multimedia Information Networking and Security (MINES), 2011 Third International Conference on

Date of Conference:

4-6 Nov. 2011