Copy

@ARTICLE{e101-a_5_859,
author={Ahmed ABDELKHALEK, Mohamed TOLBA, Amr M. YOUSSEF, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Related-Key Differential Attack on Round-Reduced Bel-T-256},
year={2018},
volume={E101-A},
number={5},
pages={859-862},
abstract={Bel-T is the national block cipher encryption standard of the Republic of Belarus. It operates on 128-bit blocks and uses either 128, 192 or 256-bit keys. Bel-T combines a Feistel network with a Lai-Massey scheme and it has a complex round function with 7 S-box layers. In this work, we use a Mixed Integer Linear Programming (MILP) approach to find a a related-key differential characteristic that extends for 4 rounds and 5 S-box layers ($4 rac{5}{7}$ rounds) with probability higher than 2^-128. To build an MILP model of Bel-T that a solver can practically handle, we use a partial Difference Distribution Table (DDT) based on the Hamming weight of the input and output differences. The identified differential characteristic is used to mount a key recovery attack on 5 rounds and 6 S-box layers ($5 rac{6}{7}$ out of 8 rounds) of Bel-T-256 with 2^123.28 chosen plaintexts and 2^228.4 encryptions. According to the best of our knowledge, this is the first public cryptanalysis of Bel-T in the black-box attack model.},
keywords={},
doi={10.1587/transfun.E101.A.859},
ISSN={1745-1337},
month={May},}

Copy

TY - JOUR
TI - Related-Key Differential Attack on Round-Reduced Bel-T-256
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 859
EP - 862
AU - Ahmed ABDELKHALEK
AU - Mohamed TOLBA
AU - Amr M. YOUSSEF
PY - 2018
DO - 10.1587/transfun.E101.A.859
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E101-A
IS - 5
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - May 2018
AB - Bel-T is the national block cipher encryption standard of the Republic of Belarus. It operates on 128-bit blocks and uses either 128, 192 or 256-bit keys. Bel-T combines a Feistel network with a Lai-Massey scheme and it has a complex round function with 7 S-box layers. In this work, we use a Mixed Integer Linear Programming (MILP) approach to find a a related-key differential characteristic that extends for 4 rounds and 5 S-box layers ($4 rac{5}{7}$ rounds) with probability higher than 2^-128. To build an MILP model of Bel-T that a solver can practically handle, we use a partial Difference Distribution Table (DDT) based on the Hamming weight of the input and output differences. The identified differential characteristic is used to mount a key recovery attack on 5 rounds and 6 S-box layers ($5 rac{6}{7}$ out of 8 rounds) of Bel-T-256 with 2^123.28 chosen plaintexts and 2^228.4 encryptions. According to the best of our knowledge, this is the first public cryptanalysis of Bel-T in the black-box attack model.
ER -