Lightweight block ciphers, such as DBST, have become increasingly important in Internet of Things (IoT) environments because of their easy software implementation, low resource consumption, ease of standardization and high security. However, by finding ($2^{64}-1$) differential characteristics with probability 1 for full-round DBST, a structure attack can be mounted on the cipher. If the attacker knows one plaintext-ciphertext pair, then he/she can deduce ($2^{64}-1$) plaintext-ciphertext pairs without querying the encryption engine. This is fatal for the parties communicating with it.
To solve these problems, a research team led by Chenhao JIA published their new research on 15 August 2024 in Frontiers of Computer Science, co-published by Higher Education Press and Springer Nature.
The team proposed a modified version of DBST that changes both the linear part and the nonlinear part.
In the research, they analyze why DBST suffers from the structure attack. Firstly, the circular shift becomes ineffective when the bits within a byte are all 1 or all 0. Secondly, Subcolumns is the nonlinear layer, and the five XORs can't efficiently propagate the iterative differential characteristics to other branches; at least one of these XOR operations should be nonlinear. They therefore modified DBST in both the linear part and the nonlinear part. In the linear part, they altered the value of Function and , and introduced two circular left shifts on and branch. In the nonlinear part, they replaced the XOR before Subcolumns with modular addition. Compared with the original version of DBST, the modified version resists the structure attack and has better diffusion performance.
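The two observations above can be checked exhaustively on a toy 8-bit word. This is an added illustration, not code from the paper or the DBST specification: the byte-wide word, the second operand `k` and all function names are assumptions, and nothing here models DBST's actual round function.

```python
# Added toy model (assumption: 8-bit words; NOT the DBST round function).

def rotl8(b, r):
    """Circular left shift of one byte by r bits."""
    r %= 8
    return ((b << r) | (b >> (8 - r))) & 0xFF

def rotation_fixed_bytes():
    """Byte values that every rotation amount 1..7 leaves unchanged."""
    return [b for b in range(256)
            if all(rotl8(b, r) == b for r in range(1, 8))]

def xor_mix(x, k):
    """Linear mixing: XOR with a second operand k."""
    return x ^ k

def add_mix(x, k):
    """Nonlinear mixing: addition modulo 2^8 with a second operand k."""
    return (x + k) & 0xFF

def diff_prob(delta_in, delta_out, mix):
    """Exact probability, over all x and k, that an input XOR-difference
    delta_in in x produces the output XOR-difference delta_out."""
    hits = sum(1
               for x in range(256)
               for k in range(256)
               if mix(x ^ delta_in, k) ^ mix(x, k) == delta_out)
    return hits / (256 * 256)

if __name__ == "__main__":
    # Only all-0 and all-1 bytes survive every rotation unchanged.
    print([hex(b) for b in rotation_fixed_bytes()])
    # XOR passes the all-ones difference with certainty ...
    print(diff_prob(0xFF, 0xFF, xor_mix))
    # ... while modular addition passes it only when 2k = 0 mod 256.
    print(diff_prob(0xFF, 0xFF, add_mix))
    # A single low-bit difference survives addition half the time.
    print(diff_prob(0x01, 0x01, add_mix))
```

In this toy setting a difference built from all-0 or all-1 bytes is untouched by rotation and crosses an XOR with probability 1, whereas modular addition makes the same transition key-dependent and rare.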
Future work can focus on finding a more generic method for designing ciphers with the Lai-Massey structure that avoid structure attacks.
DOI: 10.1007/s11704-024-3438-0
Journal: Frontiers of Computer Science
Method of Research: Experimental study
Subject of Research: Not applicable
Article Title: Structure attack on full-round DBST
Article Publication Date: 15-Aug-2024