Improved Integral Attack on HIGHT

Yosuke TODO
Takanori ISOBE
Masakatu MORII

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E102-A    No.9    pp.1259-1271
Publication Date: 2019/09/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E102.A.1259
Type of Manuscript: PAPER
Category: Cryptography and Information Security
block cipher,  HIGHT,  integral attack,  division property,  MILP,  

Full Text: PDF(1.6MB)>>
Buy this Article

HIGHT is a 64-bit block lightweight cipher, which adopts the ARX-based generalized Feistel network, and it accepts a 128-bit key. It is a standard encryption algorithm in South Korea and also is internationally standardized by ISO/IEC 18033-3. Therefore, many third-party cryptanalyses have been proposed against HIGHT. Impossible differential and integral attacks are applied to reduced-round HIGHT, and especially, the impossible differential attack causes the 27-round attack, which is the current best attack under the single-key setting. In this paper, we propose some improved integral attacks against HIGHT. We first apply the division property to HIGHT and find new 19-round integral characteristics, which are improved by two rounds compared with the previous best ones. We append 9-round key recovery to these characteristics and it enables us to attack 28-round HIGHT. Its time complexity is 2127.02 where 263 chosen plaintexts and 2117 memory are required. Moreover, we can attack 29-round HIGHT if the full codebook is used, where its time and memory complexities are 2126.07 and 2118, respectively. It improves by two rounds compared with the previous best attack.