Cryptanalysis of Round-Reduced PRINCE and TWINE

NXP Semiconductors and its academic partners challenged the cryptographic community with finding practical attacks on the block cipher they designed, PRINCE. In the first part of this talk we present new attacks on round-reduced PRINCE including the ones which won the challenge in the 6 and 8-round categories --- the highest for which winners were identified. Our first attacks rely on a meet-in-the-middle approach and break up to 10 rounds of the cipher. We also describe heuristic methods we used to find practical SAT-based and differential attacks. Finally, we also present an analysis of the cycle structure of the internal rounds of PRINCE leading both to a low complexity distinguisher for 4-round PRINCE-core and an alternative representation of the cipher valid in particular contexts and which highlights, in this cases, a poor diffusion. In the second part of the talk we present two new attacks on TWINE-128 reduced to 25 rounds that have a slightly higher overall complexity than the 25-round attack presented by Wang and Wu at ACISP 2014, but a lower data complexity. Finally, we will introduce an alternative representations of both the round function of this block cipher and of a sequence of 4 rounds which highlights how close TWINE and LBlock are.