Real-Time Related-Key Attack on Full-Round Shadow Designed for IoT Nodes

Bibliographic details
Published in: IEEE Transactions on Computers, 2024-02, Vol. 73 (2), p. 613-620
Main authors: Zhang, Kai; Lai, Xuejia; Wang, Lei; Guan, Jie; Hu, Bin; Wang, Senpeng; Shi, Tairong
Format: Article
Language: eng
Description
Summary: With the rapid development of the Internet of Things (IoT), many new lightweight block ciphers have been designed in recent years to meet the security demand in IoT devices. Shadow is a lightweight block cipher designed for IoT nodes (IEEE Internet of Things Journal, 2021). In this article, an efficient attack on full-round Shadow is proposed based on the idea of a related-key differential attack. First, a differential transfer property for the AND operation is illustrated. This property demonstrates a link between the difference and the input value. If the difference of the input is not zero, to lead to a zero difference, there are some constraints on the input value. Furthermore, two properties for Shadow family ciphers are identified. According to these properties, some related keys on Shadow will lead to an internal collision for the subkey generator, which will eventually lead to a full-round distinguisher. Finally, with the idea of a related-key differential attack, an efficient attack is applied to Shadow. For Shadow-32, with 4 related keys, 8 master key bits can be derived in about 0.044 seconds on average. For Shadow-64, with 4 related keys, 24 master key bits can be derived in about 3.9 hours on average. All our theoretical results are verified by experiments.
ISSN: 0018-9340, 1557-9956
DOI: 10.1109/TC.2023.3315057