{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T03:31:03Z","timestamp":1760239863224,"version":"build-2065373602"},"reference-count":21,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2019,1,10]],"date-time":"2019-01-10T00:00:00Z","timestamp":1547078400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100004281","name":"Narodowe Centrum Nauki","doi-asserted-by":"publisher","award":["DEC-2014\/15\/B\/ST6\/05130","2016\/21\/N\/HS4\/00258"],"award-info":[{"award-number":["DEC-2014\/15\/B\/ST6\/05130","2016\/21\/N\/HS4\/00258"]}],"id":[{"id":"10.13039\/501100004281","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>In this work, we focus on the LS-design ciphers Fantomas, Robin, and iSCREAM. LS-designs are a family of bitslice ciphers aimed at efficient masked implementations against side-channel analysis. We have analyzed Fantomas and Robin with a technique that had not previously been applied to either algorithm, namely linear cryptanalysis. The idea behind linear cryptanalysis is to build a linear characteristic that describes the relation between plaintext and ciphertext bits. For a secure cipher, such a relation should hold with probability 0.5 (i.e., with zero bias). Therefore, we try to find a linear characteristic between plaintext and ciphertext whose bias is not equal to zero. This non-random behavior of the cipher can be converted into a key-recovery attack. For Fantomas and Robin, we find 5- and 7-round linear characteristics. Using these characteristics, we attack both round-reduced ciphers and recover the key for the same number of rounds. We also apply linear cryptanalysis to the famous CAESAR candidate iSCREAM and the closely related LS-design Robin. For iSCREAM, we apply linear cryptanalysis to the round-reduced cipher and find the best 7-round linear characteristics. Based on those linear characteristics, we extend the path to a higher number of rounds in the related-key scenario.<\/jats:p>","DOI":"10.3390\/cryptography3010004","type":"journal-article","created":{"date-parts":[[2019,1,11]],"date-time":"2019-01-11T04:10:16Z","timestamp":1547179816000},"page":"4","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":12,"title":["Cryptanalysis of Round-Reduced Fantomas, Robin and iSCREAM"],"prefix":"10.3390","volume":"3","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8010-6275","authenticated-orcid":false,"given":"Ashutosh Dhar","family":"Dwivedi","sequence":"first","affiliation":[{"name":"Institute of Computer Science, Polish Academy of Sciences, 01-248 Warsaw, Poland"},{"name":"Department of Mathematics and Computer Science, Brandon University, Brandon, MB R7A 6A9, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2173-1999","authenticated-orcid":false,"given":"Shalini","family":"Dhar","sequence":"additional","affiliation":[{"name":"Department of Electronics and Communication, University of Allahabad, Allahabad 211002, India"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9851-4103","authenticated-orcid":false,"given":"Gautam","family":"Srivastava","sequence":"additional","affiliation":[{"name":"Department of Mathematics and Computer Science, Brandon University, Brandon, MB R7A 6A9, Canada"},{"name":"Research Center for Interneural Computing, China Medical University, Taichung 40402, Taiwan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9997-5830","authenticated-orcid":false,"given":"Rajani","family":"Singh","sequence":"additional","affiliation":[{"name":"Institute of Computer Science, Polish Academy of Sciences, 01-248 Warsaw, 
Poland"},{"name":"Faculty of Mathematics, Informatics and Mechanics, University of Warsaw, 02-097 Warsaw, Poland"}]}],"member":"1968","published-online":{"date-parts":[[2019,1,10]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Helleseth, T. (1994). Linear Cryptanalysis Method for DES Cipher. Advances in Cryptology\u2014EUROCRYPT \u201993, Springer.","DOI":"10.1007\/3-540-48285-7"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"319","DOI":"10.1007\/s10623-016-0268-6","article-title":"Joint data and key distribution of simple, multiple, and multidimensional linear cryptanalysis test statistic and its impact to data complexity","volume":"82","author":"Blondeau","year":"2017","journal-title":"Des. Codes Cryptogr."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Grosso, V., Leurent, G., Standaert, F., and Varici, K. (2014). LS-Designs: Bitslice Encryption for Efficient Masked Software Implementations FSE, Springer. Lecture Notes in Computer Science.","DOI":"10.1007\/978-3-662-46706-0_2"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"588","DOI":"10.1007\/s00145-010-9073-y","article-title":"Tweakable Block Ciphers","volume":"24","author":"Liskov","year":"2011","journal-title":"J. Cryptol."},{"key":"ref_5","unstructured":"(2019, January 09). CAESAR: Competition for Authenticated Encryption: Security, Applicability, and Robustness. Available online: http:\/\/competitions.cr.yp.to\/caesar.html."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"863","DOI":"10.1587\/transfun.E101.A.863","article-title":"Impossible Differential Cryptanalysis of Fantomas and Robin","volume":"E101.A","author":"Shen","year":"2018","journal-title":"IEICE Trans. Fundam. Electron. Commun. Comput. 
Sci."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1016\/j.ipl.2018.03.010","article-title":"Differential-linear and related key cryptanalysis of round-reduced scream","volume":"136","author":"Dwivedi","year":"2018","journal-title":"Inf. Process. Lett."},{"key":"ref_8","unstructured":"Dwivedi, A.D., Morawiecki, P., and W\u00f3jtowicz, S. (2017, January 24\u201326). Differential-linear and Impossible Differential Cryptanalysis of Round-reduced Scream. Proceedings of the 14th International Joint Conference on e-Business and Telecommunications\u2014Volume 6: SECRYPT (ICETE 2017), Madrid, Spain."},{"key":"ref_9","unstructured":"Oswald, E., and Fischlin, M. (2015). A Generic Approach to Invariant Subspace Attacks: Cryptanalysis of Robin, iSCREAM and Zorro. Advances in Cryptology\u2014EUROCRYPT 2015, Springer."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Todo, Y., Leander, G., and Sasaki, Y. (2018). Nonlinear Invariant Attack: Practical Attack on Full SCREAM, iSCREAM, and Midori64. J. Cryptol., 1\u201340.","DOI":"10.1007\/s00145-018-9285-0"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"75834","DOI":"10.1109\/ACCESS.2018.2883690","article-title":"Cryptanalysis of a Chaotic Image Encryption Algorithm Based on Information Entropy","volume":"6","author":"Li","year":"2018","journal-title":"IEEE Access"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Li, C., Lin, D., L\u00fc, J., and Hao, F. (2018). Cryptanalyzing an image encryption algorithm based on autoblocking and electrocardiography. IEEE MultiMedia.","DOI":"10.1109\/MMUL.2018.2873472"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Dhar Dwivedi, A., Morawiecki, P., and W\u00f3jtowicz, S. (2017, January 24\u201326). Differential and Rotational Cryptanalysis of Round-reduced MORUS. 
Proceedings of the 14th International Joint Conference on e-Business and Telecommunications\u2014Volume 6: SECRYPT, ICETE, Madrid, Spain.","DOI":"10.5220\/0006411502750284"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Dwivedi, A.D., Klou\u010dek, M., Morawiecki, P., Nikoli\u0107, I., Pieprzyk, J., and W\u00f3jtowicz, S. (2017, January 24\u201326). SAT-based Cryptanalysis of Authenticated Ciphers from the CAESAR Competition. Proceedings of the 14th International Joint Conference on e-Business and Telecommunications\u2014Volume 6: SECRYPT, ICETE, Madrid, Spain.","DOI":"10.5220\/0006387302370246"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Dwivedi, A.D., and Srivastava, G. (2018). Differential Cryptanalysis of Round-Reduced LEA. IEEE Access.","DOI":"10.1109\/ACCESS.2018.2881130"},{"key":"ref_16","first-page":"899","article-title":"Differential cryptanalysis in ARX ciphers, Application to SPECK","volume":"2018","author":"Dwivedi","year":"2018","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref_17","first-page":"147","article-title":"Finding Differential Paths in ARX Ciphers through Nested Monte-Carlo Search","volume":"64","author":"Dwivedi","year":"2018","journal-title":"Int. J. Electron. Telecommun."},{"key":"ref_18","unstructured":"Dhall, S., Pal, S.K., and Sharma, K. (2018). A chaos-based probabilistic block cipher for image encryption. J. King Saud Univ. Comput. Inf. Sci."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"22","DOI":"10.1016\/j.sigpro.2017.12.021","article-title":"Cryptanalysis of image encryption scheme based on a new 1D chaotic system","volume":"146","author":"Dhall","year":"2018","journal-title":"Signal Process."},{"key":"ref_20","unstructured":"Dwivedi, A.D., and Srivastava, G. (2019, January 09). Differential Cryptanalysis in ARX Ciphers with Specific Applications to LEA. Cryptology ePrint Archive, Report 2018\/898, 2018. 
Available online: https:\/\/eprint.iacr.org\/2018\/898."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"189","DOI":"10.1080\/0161-110291890885","article-title":"A Tutorial on Linear and Differential Cryptanalysis","volume":"26","author":"Heys","year":"2002","journal-title":"Cryptologia"}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/3\/1\/4\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T12:24:51Z","timestamp":1760185491000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/3\/1\/4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,1,10]]},"references-count":21,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2019,3]]}},"alternative-id":["cryptography3010004"],"URL":"https:\/\/doi.org\/10.3390\/cryptography3010004","relation":{},"ISSN":["2410-387X"],"issn-type":[{"type":"electronic","value":"2410-387X"}],"subject":[],"published":{"date-parts":[[2019,1,10]]}}}