Integral cryptanalysis on reduce-round SAILFISH-I
Abstract SAILFISH-I, first proposed by Agarwal et al. in 2022, is a lightweight block cipher with a typical Feistel structure, which is evaluated for the first time in this paper for its resistance to integral cryptanalysis. Firstly, the S-box and the overall structure are modeled based on the MILP...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
SpringerOpen
2025-03-01
|
| Series: | Cybersecurity |
| Subjects: | |
| Online Access: | https://doi.org/10.1186/s42400-024-00302-z |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849761967451930624 |
|---|---|
| author | Yanjun Li Lixian Zhang Yiping Lin Jian Liu Yani Sun |
| author_facet | Yanjun Li Lixian Zhang Yiping Lin Jian Liu Yani Sun |
| author_sort | Yanjun Li |
| collection | DOAJ |
| description | Abstract SAILFISH-I, first proposed by Agarwal et al. in 2022, is a lightweight block cipher with a typical Feistel structure, which is evaluated for the first time in this paper for its resistance to integral cryptanalysis. Firstly, the S-box and the overall structure are modeled based on the MILP method. We can find 11-round integral distinguishers for SAILFISH-I, which further reduces the number of active bits to find 10-round integral distinguishers with 57 active bits. Secondly, one round is added in front of the distinguisher and three rounds are added at the back, while the partial sum technique is used for the first time to recover the key of SAILFISH-I for 14-round. In the whole process of integral attack, the required data complexity is adding one round in front of the distinguisher and three rounds at the same time, using the partial sum technique. For the key recovery of SAILFISH-I for the first time, the required data complexity is $$2^{59}$$ 2 59 chosen plaintexts, the time complexity is $$2^{59.42}$$ 2 59.42 times 14-round of encryption, and the memory complexity is $$2^{57}$$ 2 57 . Finally, based on the 14-round key recovery attack, the guessing order of key bits is optimized, and the 18-round key recovery attack on SAILFISH-I is completed for the first time. Throughout the integral attack process, we recover 97 bits of key with $$2^{61.64}$$ 2 61.64 chosen plaintexts and $$2^{147.06}$$ 2 147.06 time complexity of the 18-round encryption. Moreover, if we can use the balanced bits fully, then the number of recoverable key bits will rise to 129. |
| format | Article |
| id | doaj-art-4b2df4121457402d9a46aea815eeaf4b |
| institution | DOAJ |
| issn | 2523-3246 |
| language | English |
| publishDate | 2025-03-01 |
| publisher | SpringerOpen |
| record_format | Article |
| series | Cybersecurity |
| spelling | doaj-art-4b2df4121457402d9a46aea815eeaf4b2025-08-20T03:05:52ZengSpringerOpenCybersecurity2523-32462025-03-018111210.1186/s42400-024-00302-zIntegral cryptanalysis on reduce-round SAILFISH-IYanjun Li0Lixian Zhang1Yiping Lin2Jian Liu3Yani Sun4Information Industry Information Security Evaluation Center, The 15th Research Institute of China Electronic Technology Group CorporationBeijing Electronic Science and Technology InstituteBeijing Electronic Science and Technology InstituteInformation Industry Information Security Evaluation Center, The 15th Research Institute of China Electronic Technology Group CorporationYunnan Key Laboratory of Blockchain Application TechnologyAbstract SAILFISH-I, first proposed by Agarwal et al. in 2022, is a lightweight block cipher with a typical Feistel structure, which is evaluated for the first time in this paper for its resistance to integral cryptanalysis. Firstly, the S-box and the overall structure are modeled based on the MILP method. We can find 11-round integral distinguishers for SAILFISH-I, which further reduces the number of active bits to find 10-round integral distinguishers with 57 active bits. Secondly, one round is added in front of the distinguisher and three rounds are added at the back, while the partial sum technique is used for the first time to recover the key of SAILFISH-I for 14-round. In the whole process of integral attack, the required data complexity is adding one round in front of the distinguisher and three rounds at the same time, using the partial sum technique. For the key recovery of SAILFISH-I for the first time, the required data complexity is $$2^{59}$$ 2 59 chosen plaintexts, the time complexity is $$2^{59.42}$$ 2 59.42 times 14-round of encryption, and the memory complexity is $$2^{57}$$ 2 57 . Finally, based on the 14-round key recovery attack, the guessing order of key bits is optimized, and the 18-round key recovery attack on SAILFISH-I is completed for the first time. Throughout the integral attack process, we recover 97 bits of key with $$2^{61.64}$$ 2 61.64 chosen plaintexts and $$2^{147.06}$$ 2 147.06 time complexity of the 18-round encryption. Moreover, if we can use the balanced bits fully, then the number of recoverable key bits will rise to 129.https://doi.org/10.1186/s42400-024-00302-zSAILFISH-IIntegral distinguisherKey recovery attackPartial sum |
| spellingShingle | Yanjun Li Lixian Zhang Yiping Lin Jian Liu Yani Sun Integral cryptanalysis on reduce-round SAILFISH-I Cybersecurity SAILFISH-I Integral distinguisher Key recovery attack Partial sum |
| title | Integral cryptanalysis on reduce-round SAILFISH-I |
| title_full | Integral cryptanalysis on reduce-round SAILFISH-I |
| title_fullStr | Integral cryptanalysis on reduce-round SAILFISH-I |
| title_full_unstemmed | Integral cryptanalysis on reduce-round SAILFISH-I |
| title_short | Integral cryptanalysis on reduce-round SAILFISH-I |
| title_sort | integral cryptanalysis on reduce round sailfish i |
| topic | SAILFISH-I Integral distinguisher Key recovery attack Partial sum |
| url | https://doi.org/10.1186/s42400-024-00302-z |
| work_keys_str_mv | AT yanjunli integralcryptanalysisonreduceroundsailfishi AT lixianzhang integralcryptanalysisonreduceroundsailfishi AT yipinglin integralcryptanalysisonreduceroundsailfishi AT jianliu integralcryptanalysisonreduceroundsailfishi AT yanisun integralcryptanalysisonreduceroundsailfishi |