
New method for combining Matsui’s bounding conditions with sequential encoding method

Designs, Codes and Cryptography

Abstract

As the first generic method for finding optimal differential and linear characteristics, Matsui's branch-and-bound search algorithm has played an important role in evaluating the security of symmetric ciphers. By combining Matsui's bounding conditions with automatic search models, search efficiency can be improved. In this paper, by studying the properties of Matsui's bounding conditions, we give the general form of bounding conditions that can eliminate all the impossible solutions determined by Matsui's bounding conditions. Then, a new method of combining bounding conditions with the sequential encoding method is proposed. With the help of some small-size Mixed Integer Linear Programming (MILP) models, we can use fewer variables and clauses to build Satisfiability Problem (SAT) models. As applications, we use our new method to search for the optimal differential and linear characteristics of some SPN, Feistel, and ARX block ciphers. The number of variables and clauses and the solving time of the SAT models are decreased significantly. In addition, we find some new differential and linear characteristics covering more rounds.
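As an added illustration (this is not the paper's code, and it does not reproduce the paper's general form of the bounding conditions or its MILP-assisted reduction), the Python below shows the baseline the paper improves on: Matsui's classical bounding conditions, stated as cardinality constraints on the weight bits of the first i and the last r-i rounds, encoded one by one with Sinz's sequential counter and checked with a small DPLL solver. The "cipher" is a constructed toy with m unit-cost weight bits per round, a rule that every round is active, and a toy diffusion rule (a round with exactly one active bit forces at least two active bits in the next round), so the best weights B_1..B_3 it returns, [1, 3, 4], are properties of that toy only. `best_weights` runs the iterative Matsui-style search, and `encoding_agrees` exhaustively confirms that the sequential counters accept exactly the weight assignments that satisfy the arithmetic constraints.

```python
# Added example, not the paper's code: Matsui's bounding conditions as cardinality
# constraints on per-round weight bits, encoded with Sinz's sequential counter and
# solved by a tiny DPLL. The cipher is a constructed toy; its B_i values are toy-only.
from itertools import combinations, product


class CNF:
    def __init__(self):
        self.nvars, self.clauses = 0, []   # variables: positive ints; literals: signed ints
    def new_var(self):
        self.nvars += 1
        return self.nvars
    def add(self, *lits):
        self.clauses.append(list(lits))


def at_most_k(cnf, xs, k):
    """Sinz (2005) sequential counter for sum(xs) <= k; s[i][j] reads 'at least j+1 of x_0..x_i'."""
    n = len(xs)
    if k == 0:
        for x in xs: cnf.add(-x)
    elif k < n:                                       # k*(n-1) auxiliary variables
        s = [[cnf.new_var() for _ in range(k)] for _ in range(n - 1)]
        cnf.add(-xs[0], s[0][0])
        for j in range(1, k): cnf.add(-s[0][j])
        for i in range(1, n - 1):
            cnf.add(-xs[i], s[i][0])
            cnf.add(-s[i - 1][0], s[i][0])
            for j in range(1, k):
                cnf.add(-xs[i], -s[i - 1][j - 1], s[i][j])
                cnf.add(-s[i - 1][j], s[i][j])
            cnf.add(-xs[i], -s[i - 1][k - 1])       # counter already at k: x_i must be 0
        cnf.add(-xs[n - 1], -s[n - 2][k - 1])


def build_model(rounds, m, bound, best):
    """CNF for an r-round toy characteristic of weight <= bound; best[i] is B_i for i < r."""
    cnf = CNF()
    w = [[cnf.new_var() for _ in range(m)] for _ in range(rounds)]
    for r in range(rounds):
        cnf.add(*w[r])                                # toy rule: every round is active
    for r in range(rounds - 1):                       # toy diffusion: exactly one active
        for j in range(m):                            # bit forces >= 2 in the next round
            for sub in combinations(w[r + 1], m - 1):
                cnf.add(-w[r][j], *(w[r][k] for k in range(m) if k != j), *sub)
    flat = [x for row in w for x in row]
    at_most_k(cnf, flat, bound)                       # objective: total weight <= bound
    for i in range(1, rounds):                        # Matsui: first i rounds <= bound - B_{r-i}
        at_most_k(cnf, flat[:i * m], bound - best[rounds - i])
        at_most_k(cnf, flat[i * m:], bound - best[i])  # and last r-i rounds <= bound - B_i
    return cnf, w


def solve(cnf, assumptions=()):
    """Minimal DPLL with unit propagation; returns a model dict or None."""
    clauses = cnf.clauses + [[l] for l in assumptions]
    def propagate(assign):
        changed = True
        while changed:
            changed = False
            for cl in clauses:
                if any(assign.get(abs(l)) == (l > 0) for l in cl):
                    continue                          # clause already satisfied
                free = [l for l in cl if abs(l) not in assign]
                if not free: return None              # conflict
                if len(free) == 1: assign[abs(free[0])], changed = free[0] > 0, True
        return assign
    def dpll(assign):
        assign = propagate(dict(assign))
        if assign is None or len(assign) == cnf.nvars:
            return assign
        v = next(x for x in range(1, cnf.nvars + 1) if x not in assign)
        return dpll({**assign, v: True}) or dpll({**assign, v: False})
    return dpll({})


def best_weights(max_rounds, m):
    """Matsui-style search: raise the bound until SAT, reusing B_1..B_{r-1} in the conditions."""
    best = {}
    for r in range(1, max_rounds + 1):
        bound = max(r, best.get(r - 1, 0))            # B_r >= r and B_r >= B_{r-1}
        while solve(build_model(r, m, bound, best)[0]) is None:
            bound += 1
        best[r] = bound
    return [best[r] for r in range(1, max_rounds + 1)]


def encoding_agrees(rounds, m, bound, best):
    """Exhaustive check: CNF accepts a weight assignment iff the arithmetic constraints hold."""
    cnf, w = build_model(rounds, m, bound, best)
    flat = [x for row in w for x in row]
    for bits in product([0, 1], repeat=len(flat)):
        wt = [sum(bits[r * m:(r + 1) * m]) for r in range(rounds)]
        ok = (all(wt) and sum(wt) <= bound
              and all(not (wt[r] == 1 and wt[r + 1] < 2) for r in range(rounds - 1))
              and all(sum(wt[:i]) <= bound - best[rounds - i]
                      and sum(wt[i:]) <= bound - best[i] for i in range(1, rounds)))
        if (solve(cnf, [v if b else -v for v, b in zip(flat, bits)]) is not None) != ok:
            return False
    return True


if __name__ == "__main__":
    print(best_weights(3, 3), encoding_agrees(2, 3, 3, {1: 1}))   # [1, 3, 4] True
```

Each bounding condition here gets its own counter with k*(n-1) auxiliary variables, which is exactly the overhead a combined encoding like the paper's is meant to reduce; comparing `cnf.nvars` and `len(cnf.clauses)` from `build_model` for increasing round numbers makes that growth visible.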



Acknowledgements

The authors would like to thank the anonymous reviewers for their detailed comments and suggestions. This work is supported by the National Natural Science Foundation of China (Grant Nos. 62102448 and 62202493).

Corresponding author

Correspondence to Senpeng Wang.

Additional information

Communicated by D. Stebila.


Appendix

Table 4 Experimental results of PRESENT
Table 5 Experimental results of RECTANGLE
Table 6 Experimental results of GIFT64
Table 7 Differential property of GIFT128
Table 8 Linear property of GIFT128
Table 9 Experimental results of LBlock
Table 10 Experimental results of TWINE
Table 11 Experimental results of SPECK32
Table 12 Experimental results of SPECK48
Table 13 Experimental results of SPECK64
Table 14 Experimental results of SPECK96
Table 15 Experimental results of SPECK128


Cite this article

Wang, S., Feng, D., Hu, B. et al. New method for combining Matsui’s bounding conditions with sequential encoding method. Des. Codes Cryptogr. 91, 3603–3642 (2023). https://doi.org/10.1007/s10623-023-01259-9
