Slender-Set Differential Cryptanalysis

Julia Borghoff, Lars R. Knudsen, Gregor Leander, Sören S. Thomsen

Journal of Cryptology January 2013, Volume 26, Issue 1, pp 11-38


This paper considers PRESENT-like ciphers with key-dependent S-boxes. We focus on the setting where the same selection of S-boxes is used in every round. One particular variant with 16 rounds, proposed in 2009, is broken in practice in a chosen plaintext/chosen ciphertext scenario. Extrapolating these results suggests that up to 28 rounds of such ciphers can be broken. Furthermore, we outline how our attack strategy can be applied to an extreme case where the S-boxes are chosen uniformly at random for each round, and where the bit permutation is key-dependent as well.


Tags: block cipher, differential cryptanalysis, PRESENT, Symmetric key