Related-Key Impossible Differential Cryptanalysis on LBlock

LBlock is a lightweight block cipher aiming at constrained resources, which was proposed in ACNS 2011. It is known that 14 round differential rules and 15 round related-key differential rules have been proposed not long ago, based on which the best results using impossible differential attack on LBlock reach to the maximum round of 22. To analyze the impossible differential property of LBlock cipher, combining with the characteristic of the key schedule and structure of round function, four 15-round related-key differential rules are constructed. Then, using the differential rule to extend the 4-round forward, and 3-round afterward, 22-round LBlock is proposed. On the basis of the existing related-key impossible differential attack, the S-boxes in the round function are discussed, and two kinds of related-key differential rules are applied. Based on the technology of partial key-byte guessing to reduce the time complexity, it is show that the attack on 22-round requires the data complexity of 2\+61 chosen plaintexts and time complexity of 2\+59.58 22-round encryptions.