Redefining Security in Shadow Cipher for IoT Nodes: New Full-Round Practical Distinguisher and the Infeasibility of Key-Recovery Attacks

Sunyeop Kim, Myoungsu Shin, Seonkyu Kim, Hanbeom Shin, Insung Kim, Donggeun Kwon, Dongjae Lee, Seonggyeom Kim, Deukjo Hong, Jaechul Sung, Seokhie Hong

Research output: Contribution to journal › Article › peer-review

Abstract

Shadow is a block cipher for IoT nodes proposed in the IEEE IoT Journal in 2021. The primary design principle of Shadow is the adoption of a variant 4-branch Feistel structure to ensure fast diffusion. We refer to this structure as the Shadow structure and prove that it is almost identical to the Feistel structure, which invalidates the design principle. We also present a new structural distinguisher that can distinguish the Shadow structure from a random permutation with only two plaintext/ciphertext pairs. Additionally, we demonstrate that the key-recovery attacks utilizing the impossible differential proposed by Liu et al. in the Cybersecurity Journal in 2023 and the integral characteristic proposed by Mirzaie et al. in the IEEE IoT Journal are infeasible. Instead, we extend our distinguisher to a key-recovery attack using only one plaintext/ciphertext pair by exploiting the key schedule. Moreover, upon investigating Shadow's round function, we observe that only specific forms of monomials can appear in the ciphertext, leading to an integral distinguisher involving four plaintext/ciphertext pairs. Notably, the algebraic degree does not exceed 12 for Shadow-32 and 20 for Shadow-64, regardless of the number of rounds used. Our results show that Shadow is highly vulnerable to algebraic attacks, emphasizing the need for careful consideration of algebraic attacks when incorporating AND, rotation, and XOR operations in cipher design.

Original language: English
Journal: IEEE Internet of Things Journal
State: Accepted/In press - 2024

Keywords

  • algebraic attack
  • block cipher
  • cube attack
