Practical Attack on 8 Rounds of the Lightweight Block Cipher KLEIN
The authors presented practical, experimentally verified attacks on the lightweight cipher KLEIN-64 reduced to up to 8 rounds, out of 12 in total. Their attack is made possible by a high-probability differential described as a large collection of differential characteristics. Their results suggest that combining a 4-bit Sbox (as used in Serpent) with the byte-oriented MixColumn linear layer (as used in Rijndael/AES) is not an optimal strategy, as far as security is concerned. This paper is the first third-party analysis of KLEIN published, to their best knowledge. Future works may seek to extend their attacks to more rounds of KLEIN.