Cryptanalysis of Reduced-Round GFRX-64

Alizadeh, Javad; Madadi, Bahman

doi:10.22042/isecure.2026.240517

Cryptanalysis of Reduced-Round GFRX-64

Articles in Press

Document Type : Research Article

Authors

Javad Alizadeh ¹

Bahman Madadi ²

¹ Fath Center, Faculty and Research Center of Computer, Imam Hossein University, Tehran, Iran.

² Faculty and Research Center of Computer, Imam Hossein University, Tehran, Iran.

10.22042/isecure.2026.240517

Abstract

In 2023, Zhang et al. introduced the lightweight block cipher family GFRX-b/k, offering various versions with different block (b) and key (k) lengths. Due to the similarity of the GFRX’s round function to that of the SIMON, the designers referenced the cryptanalysis conducted on the SIMON-32 and claimed that the GFRX-64/128, with higher than 19 and 13 rounds, is resistant to differential and linear cryptanalysis, respectively. In this paper, we examine the differential and linear cryptanalysis of GFRX-64/96 and GFRX-64/128. We first introduce baseline neural distinguishers for up to 7 rounds of the GFRX-64/96. Subsequently, we extend a 6-round neural distinguisher by adding 2 rounds to perform a key recovery attack, achieving an 8-round key rank analysis through a deep learning-based approach. Furthermore, we conduct an automated cryptanalysis of GFRX-64 using a SAT/SMT-based framework, identifying an 11-round differential distinguisher with a probability of 2−62, a 15-round linear distinguisher with a correlation of 2−30, and a 17-round linear hull with a correlation of 2−31.61. These results indicate that reducing the differential and linear cryptanalysis of the GFRX block cipher to the differential and linear cryptanalysis of the SIMON block cipher cannot yield accurate results or bounds. To the best of our knowledge, this work represents the first third-party cryptanalysis of the GFRX block cipher, offering new insights into its security.

Keywords

Lightweight block cipher

GFRX

Neural distinguisher

SAT/SMT-based cryptanalysis

Differential cryptanalysis

Linear cryptanalysis

[1] Ray Beaulieu, Douglas Shors, Jason Smith, Stefan Treatman-Clark, Bryan Weeks, and Louis Wingers. The simon and speck lightweight block ciphers. In Proceedings of the 52nd annual design automation conference, pages 1–6, 2015.

[2] Wen Chen, Lang Li, Ying Guo, and Ying Huang. Sand-2: An optimized implementation of lightweight block cipher. Integration, 91:23–34, 2023.

[3] Patricia Greene, Mark Motley, and Bryan Weeks. Aradi and llama: Low-latency cryptography for memory encryption. Cryptology ePrint Archive, 2024.

[4] Xing Zhang, Chenyang Shao, Tianning Li, Ye Yuan, and Changda Wang. Gfspx: an efficient lightweight block cipher for resource-constrained iot nodes. The Journal of Supercomputing, 80(17):25256–25282, 2024.

[5] Xingqi Yue, Lang Li, Qiuping Li, Jiahao Xiang, and Zhiwen Hu. Qlw: a lightweight block cipher with high diffusion. The Journal of Supercomputing, 81(1):224, 2025.

[6] Rashmi Sahay, Lingutla Lakshmi, and Zion Dodhiawala. Liteencrypt: A lightweight block cipher for secure communication in iot enabled sensor. Internet Technology Letters, page e613, 2024.

[7] Eli Biham and Adi Shamir. Differential cryptanalysis of des-like cryptosystems. Journal of CRYPTOLOGY, 4:3–72, 1991.

[8] Mitsuru Matsui. Linear cryptanalysis method for des cipher. In Workshop on the Theory and Application of of Cryptographic Techniques, pages 386–397. Springer, 1993.

[9] Eli Biham, Alex Biryukov, and Adi Shamir. Cryptanalysis of skipjack reduced to 31 rounds using impossible differentials. In Advances in Cryptology—EUROCRYPT’99: International Conference on the Theory and Application of Cryptographic Techniques Prague, Czech Republic, May 2–6, 1999 Proceedings 18, pages 12–23. Springer, 1999.

[10] Andrey Bogdanov and Meiqin Wang. Zero correlation linear cryptanalysis with reduced data complexity. In Fast Software Encryption: 19th International Workshop, FSE 2012, Washington, DC, USA, March 19-21, 2012. Revised Selected Papers, pages 29–48. Springer, 2012.

[11] Lars Knudsen and David Wagner. Integral cryptanalysis. In Fast Software Encryption: 9th International Workshop, FSE 2002 Leuven, Belgium, February 4–6, 2002 Revised Papers 9, pages 112– 127. Springer, 2002.

[12] David Wagner. The boomerang attack. In International Workshop on Fast Software Encryption, pages 156–170. Springer, 1999.

[13] Susan K Langford and Martin E Hellman. Differential-linear cryptanalysis. In Advances in Cryptology—CRYPTO’94: 14th Annual International Cryptology Conference Santa Barbara, California, USA August 21–25, 1994 Proceedings 14, pages 17–25. Springer, 1994.

[14] Atiyeh Mirzaie, Siavash Ahmadi, and Mohammad Reza Aref. Boomerang attacks on reducedround midori64. ISeCure, 15(2), 2024.

[15] Mehmet Emin G¨onen, Muhammed Said Gu¨ndo˘gan, and Kamil Otal. Integral Cryptanalysis of Reduced-Round SAND-64 Based on Bit-Based Division Property. ISeCure, 16(2), 2023.

[16] Navid Vafaei, Maryam Porkar, Hamed Ramzanipour, and Nasour Bagheri. Practical differential fault analysis on skinny. ISeCure, 14(3), 2022.

[17] Hamed Ramzanipour, Navid Vafaei, and Nasour Bagheri. Practical differential fault analysis on craft, a lightweight block cipher. ISeCure, 14(3), 2022.

[18] Zhuolong Zhang, Shiyao Chen, Wei Wang, and Meiqin Wang. Full round distinguishing and keyrecovery attacks on sand-2 (full version). Cryptology ePrint Archive, 2023.

[19] Javad Alizadeh, Hoda A Alkhzaimi, Mohammad Reza Aref, Nasour Bagheri, Praveen Gauravaram, Abhishek Kumar, Martin M Lauridsen, and Somitra Kumar Sanadhya. Cryptanalysis of simon variants with connections. In International Workshop on Radio Frequency Identification: Security and Privacy Issues, pages 90–107. Springer, 2014.

[20] Nicky Mouha, Qingju Wang, Dawu Gu, and Bart Preneel. Differential and linear cryptanalysis using mixed-integer linear programming. In Information Security and Cryptology: 7th International Conference, Inscrypt 2011, Beijing, China, November 30–December 3, 2011. Revised Selected Papers 7, pages 57–76. Springer, 2012.

[21] Emanuele Bellini, Alessandro De Piccoli, Mattia Formenti, David Gerault, Paul Huynh, Simone Pelizzola, Sergio Polese, and Andrea Visconti. Differential cryptanalysis with sat, smt, milp, and cp: a detailed comparison for bitoriented primitives. In International Conference on Cryptology and Network Security, pages 268– 292. Springer, 2023.

[22] Ling Sun, Wei Wang, and Meiqin Wang. Accelerating the search of differential and linear characteristics with the sat method. IACR Transactions on Symmetric Cryptology, pages 269–315, 2021.

[23] Aron Gohr. Improving attacks on round-reduced speck32/64 using deep learning. In Advances in Cryptology–CRYPTO 2019: 39th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 18–22, 2019, Proceedings, Part II 39, pages 150–179. Springer, 2019.

[24] Emanuele Bellini, Mattia Formenti, David G´erault, Juan Grados, Anna Hambitzer, Yun Ju Huang, Paul Huynh, Mohamed Rachidi, Raghvendra Rohit, and Sharwan K Tiwari. Claasping aradi: Automated analysis of the aradi block cipher. In International Conference on Cryptology in India, pages 90–113. Springer, 2024.

[25] Dongsu Shen, Yijian Song, Yuan Lu, Saiqin Long, and Shujuan Tian. Neural differential distinguishers for gift-128 and ascon. Journal of Information Security and Applications, 82:103758, 2024.

[26] Wanqing Wu and Mingyu Guo. Improved integral neural distinguisher model for lightweight cipher present. Cybersecurity, 7(1):1–14, 2024.

[27] Xing Zhang, Shaoyu Tang, Tianning Li, Xiaowei Li, and Changda Wang. Gfrx: A new lightweight block cipher for resource-constrained iot nodes. Electronics, 12(2):405, 2023.

[28] Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. Deep residual learning for image recognition. In Proceedings of the IEEE conference on computer vision and pattern recognition, pages 770–778, 2016.

[29] Nicky Mouha and Bart Preneel. Towards finding optimal differential characteristics for arx: Application to salsa20. Cryptology ePrint Archive, 2013.

[30] Trevor Hansen, Norbert Manthey, and Mate Soos. Stp in the smtcomp 2019.

[31] Aina Niemetz, Mathias Preiner, and Armin Biere. Boolector 2.0. Journal on Satisfiability, Boolean Modeling and Computation, 9(1):53–58, 2014.

[32] Stefan K¨olbl. Cryptosmt: An easy to use tool for cryptanalysis of symmetric primitives.

[33] Anubhab Baksi and Anubhab Baksi. Machine learning-assisted differential distinguishers for lightweight ciphers. Classical and Physical Security of Symmetric Key Cryptographic Algorithms, pages 141–162, 2022.

[34] Emanuele Bellini, David Gerault, Anna Hambitzer, and Matteo Rossi. A cipher-agnostic neural training pipeline with automated finding of good input differences. IACR Transactions on Symmetric Cryptology, 2023(3):184–212, 2023.

[35] Liu Zhang, Zilong Wang, et al. Improving differential-neural cryptanalysis. Cryptology ePrint Archive, 2022.

[36] Iman Mirzaali Mazandarani, Nasour Bagheri, and Sadegh Sadeghi. A comprehensive exploration of deep learning approaches in differential cryptanalysis of lightweight block ciphers. Biannual Journal Monadi for Cyberspace Security (AFTA), 12(1), 2023.

[37] Antonio Fl´orez-Guti´errez and Mar´ıa NayaPlasencia. Improving key-recovery in linear attacks: Application to 28-round present. In Advances in Cryptology–EUROCRYPT 2020: 39th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, May 10–14, 2020, Proceedings, Part I 39, pages 221–249. Springer, 2020.