Open Access

Integral Attack on the Full FUTURE Block Cipher

School of Cyber Science and Technology, Shandong University, Qingdao 266237, China, and Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Qingdao 266237, China
School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore 639798, Singapore
Quan Cheng Laboratory, Jinan 250100, China

Abstract

FUTURE is a recently proposed lightweight block cipher that achieved remarkable hardware performance due to careful design decisions. FUTURE is an Advanced Encryption Standard (AES)-like Substitution-Permutation Network (SPN) with 10 rounds, whose round function consists of four components: SubCell, MixColumn, ShiftRow, and AddRoundKey. Unlike AES, it is a 64-bit block cipher with a 128-bit secret key, and its state can be arranged into 16 cells. Therefore, the operations of FUTURE, including its S-box, are defined over $\mathbb{F}_{2^4}$. Previous studies have shown that the integral properties of 4-bit S-boxes are usually weaker than those of larger S-boxes, so the number of rounds of FUTURE, only 10, might be too aggressive to provide enough resistance against integral cryptanalysis. In this paper, we mount integral cryptanalysis on FUTURE. With state-of-the-art detection techniques, we identify several integral distinguishers for 7 rounds of FUTURE. By extending this 7-round distinguisher by 3 forward rounds, we manage to recover all 128 bits of the secret key from the full FUTURE cipher without the full codebook for the first time. To achieve better time complexity, we also present a key recovery attack on full FUTURE with the full codebook. Both attacks have better time complexity than existing results.

Tsinghua Science and Technology
Pages 161-170
Cite this article:
Xu Z, Cui J, Hu K, et al. Integral Attack on the Full FUTURE Block Cipher. Tsinghua Science and Technology, 2025, 30(1): 161-170. https://doi.org/10.26599/TST.2024.9010007


Received: 05 November 2023
Accepted: 22 December 2023
Published: 04 June 2024
© The Author(s) 2025.

The articles published in this open access journal are distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).
