TY - JOUR
T1 - Row, Row, Row Your Boat
T2 - How to Not Find Weak Keys in Pilsung
AU - Chuengsatiansup, Chitchanok
AU - Ronen, Eyal
AU - Rose, Gregory G.
AU - Yarom, Yuval
N1 - Publisher Copyright:
© 2022 The Author(s).
PY - 2023/6/1
Y1 - 2023/6/1
N2 - The Pilsung cipher is part of the North Korean Red Star operating system, which was leaked to the West in 2014. Initial analysis by Kryptos Logic reported a possibility of a class of weak keys due to the use of pseudo-random diffusion. Following this lead, we analyzed the cipher and identified a small class of such weak keys. We developed techniques for searching for a key that belongs to the class. After spending thousands of CPU hours, we found a supposedly weak key for a slightly weaker version of Pilsung, but the key did not behave as we expected. On further investigation we found out a crucial misunderstanding in a critical part of the cipher and that no such class of weak keys exists in Pilsung. Thus, this paper makes two main contributions to the art of cryptanalysis. First, it identifies and shows how to investigate a potential weakness in randomizing diffusion, which although does not exist in Pilsung, may affect future designs. Second, it highlights the need for early verification of results in order to identify errors before expending significant resources.
AB - The Pilsung cipher is part of the North Korean Red Star operating system, which was leaked to the West in 2014. Initial analysis by Kryptos Logic reported a possibility of a class of weak keys due to the use of pseudo-random diffusion. Following this lead, we analyzed the cipher and identified a small class of such weak keys. We developed techniques for searching for a key that belongs to the class. After spending thousands of CPU hours, we found a supposedly weak key for a slightly weaker version of Pilsung, but the key did not behave as we expected. On further investigation we found out a crucial misunderstanding in a critical part of the cipher and that no such class of weak keys exists in Pilsung. Thus, this paper makes two main contributions to the art of cryptanalysis. First, it identifies and shows how to investigate a potential weakness in randomizing diffusion, which although does not exist in Pilsung, may affect future designs. Second, it highlights the need for early verification of results in order to identify errors before expending significant resources.
KW - AES
KW - Pilsung
KW - differential analysis
KW - weak keys
UR - http://www.scopus.com/inward/record.url?scp=85163830734&partnerID=8YFLogxK
U2 - 10.1093/comjnl/bxac092
DO - 10.1093/comjnl/bxac092
M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???
AN - SCOPUS:85163830734
SN - 0010-4620
VL - 66
SP - 1335
EP - 1341
JO - Computer Journal
JF - Computer Journal
IS - 6
ER -