Self-similarity cryptanalysis of the block cipher ITUbee

摘要

Recent developments in the resource constrained devices have led to a renewed interest in designing light-weight primitives with inventive and unconventional structures. Using round-dependent constants instead of a strong key schedule is one of the most widely used trick against the self-similarity cryptanalysis in recent cipher proposals. So far there has been little discussion about the effect of the round constants on the security of the ciphers. In this study, the authors identify several weaknesses in round-reduced versions of the block cipher ITUbee, which was presented recently at LightSec 2013. These weaknesses allow to build relations between the round constants. The author's technique leads to several cryptanalysis in the weak-key, related-key and single-key models and shows that the resistance of ITUbee against self-similarity cryptanalysis is not independent of the values of round constants. They show that the round-reduced cipher under a fraction of the keys is distinguishable from an ideal random permutation. Then they utilise a similar technique to show there exists a deterministic related-key differential distinguisher for up to eight rounds of the cipher. This observation leads to the decrease of the security of 8-round ITUbee in the single-key model by one bit.