Unbalanced Biclique Cryptanalysis of Full-Round GIFT.

GIFT is a family of lightweight block ciphers presented at CHES 2017. Biclique cryptanalysis is proposed to attack the full AES by Bogdanov et al. in ASIACRYPT 2011. The attack can decrease computation complexity using the technology of meet-in-the-middle and reduce data complexity utilising the biclique structure. In this paper, we first provide an unbalanced biclique attack on full round GIFT. The master key has been recovered for the full round GIFT-64 by a 5-round 4 x 16 unbalanced biclique with data complexity of 216 and time complexity of 2122 :95. Furthermore, a 4-round 8 x 24 unbalanced biclique is constructed on GIFT-128 to recover the master key with data complexity of 280 and computational complexity of 2118 :38, respectively. The research results show GIFT algorithm has weak immunity to biclique cryptanalysis.