Update on Analysis of Lesamnta-LW and New PRF Mode LRF

Shoichi HIROSE  Yu SASAKI  Hirotaka YOSHIDA  

Publication
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E104-A   No.9   pp.1304-1320
Publication Date: 2021/09/01
Publicized: 2021/03/16
Online ISSN: 1745-1337
DOI: 10.1587/transfun.2020EAP1109
Type of Manuscript: PAPER
Category: Cryptography and Information Security
Keyword: 
Lesamnta-LW,  differential cryptanalysis,  MILP,  PRF,  modes,  standard model,  ideal cipher model,  

Full Text: PDF>>
Buy this Article




Summary: 
We revisit the design of Lesamnta-LW, which is one of the three lightweight hash functions specified in ISO/IEC 29192-5:2016. Firstly, we present some updates on the bounds of the number of active S-boxes for the underlying 64-round block cipher. While the designers showed that the Viterbi algorithm ensured 24 active S-boxes after 24 rounds, our tool based on Mixed Integer Linear Programming (MILP) in the framework of Mouha et al. ensures the same number of active S-boxes only after 18 rounds. The tool completely evaluates the tight bound of the number of active S-boxes, and it shows that the bound is 103 for full (64) rounds. We also analyze security of the Shuffle operation in the round function and resistance against linear cryptanalysis. Secondly, we present a new mode for a pseudorandom function (PRF) based on Lesamnta-LW. It is twice as efficient as the previous PRF modes based on Lesamnta-LW. We prove its security both in the standard model and the ideal cipher model.