
Provably minimum data complexity integral distinguisher based on conventional division property

Original Paper. Journal of Computer Virology and Hacking Techniques.

Abstract

Division property is an effective method for finding integral distinguishers for block ciphers, performing cube attacks on stream ciphers, and studying the algebraic degree of Boolean functions. One of the main problems in this field is how to provably find the smallest input multiset leading to a balanced output. In this paper, we propose a new method, using the division property, to find integral distinguishers for permutation functions and block ciphers with provably minimum data complexity in the conventional division property model. The new method is based on a precise and efficient analysis of the target output bit's algebraic normal form. We examine the proposed method on the LBlock, TWINE, SIMON, Present, Gift, and Clyde-128 block ciphers. Although in most cases the results are consistent with the distinguishers reported in previous work, their optimality in the conventional division property model is proved. Moreover, the proposed method can find distinguishers for 8-round Clyde-128 with less data complexity than previously reported. Based on the proposed method, we also develop an algorithm capable of determining the maximum number of balanced output bits for integral distinguishers with a certain number of active bits. Accordingly, for the ciphers under study, we determine the maximum number of balanced bits for integral distinguishers with data complexities set to the minimum and slightly higher, resulting in improved distinguishers for Gift-64, Present, and SIMON64 in the conventional model.


Data Availability

The codes underlying this article are available on GitHub, at: https://github.com/khalesiakram/DivisionMinData.



Corresponding author

Correspondence to Zahra Ahmadian.

Ethics declarations

Conflict of interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.


Distinguishers

The integral distinguishers based on the conventional division property of the studied ciphers are summarized as follows, where \(x_{i_{s}}\) and \(y_{j_{t}}\) in \(\{x_{i_0},\dots ,x_{i_{n-1}}\}\rightarrow \{y_{j_0},\dots ,y_{j_{n-1}}\}\) denote the constant input bits and the balanced output bits, respectively (the remaining input bits are active).
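As an added example, not code from the paper or its repository, the ANF criterion behind the method (an output bit summed over a cube of active bits is balanced for every value of the constant bits exactly when no monomial of its ANF contains all the active variables) is checked against brute force on the PRESENT S-box and rendered in the notation above. The S-box table is the one from the PRESENT specification; the function names are my own.

```python
# Added example, not code from the paper or its repository: evaluates the
# "{constant input bits} -> {balanced output bits}" notation on one S-box.
# A set of bit positions is encoded as a bitmask (bit i set <=> position i).

# PRESENT S-box from the PRESENT specification (a 4-bit bijection).
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
N = 4                 # block width of this small target, in bits
FULL = (1 << N) - 1   # mask of all positions

def anf(truth_table):
    """Moebius transform: truth table indexed by input x -> ANF coefficients
    a[u] of the monomials x^u (bit i of u set means x_i is in the monomial)."""
    a = list(truth_table)
    for i in range(len(a).bit_length() - 1):
        for u in range(len(a)):
            if u & (1 << i):
                a[u] ^= a[u ^ (1 << i)]
    return a

def balanced_by_anf(sbox, constant):
    """ANF criterion: with the bits outside `constant` active, output bit j is
    balanced for every value of the constant bits iff no monomial of its ANF
    contains all the active variables."""
    active = FULL ^ constant
    balanced = set()
    for j in range(N):
        coeffs = anf([(sbox[x] >> j) & 1 for x in range(1 << N)])
        if not any(coeffs[u] and (u & active) == active for u in range(1 << N)):
            balanced.add(j)
    return balanced

def balanced_by_bruteforce(sbox, constant):
    """Ground truth: XOR the outputs over the cube for each assignment c of the
    constant bits; keep the output bits whose sum is zero for every c."""
    balanced = set(range(N))
    for c in range(1 << N):
        if c & (FULL ^ constant):
            continue                 # c may only set constant positions
        s = 0
        for x in range(1 << N):
            if (x & constant) == c:
                s ^= sbox[x]
        balanced -= {j for j in range(N) if (s >> j) & 1}
    return balanced

def distinguisher(sbox, constant_bits):
    """Result in the paper's notation: (sorted constant bits, sorted balanced bits)."""
    mask = sum(1 << i for i in constant_bits)
    return sorted(constant_bits), sorted(balanced_by_anf(sbox, mask))
```

With no constant bits the full 16-element cube leaves all four output bits balanced (the S-box is a bijection of degree at most 3), while with all four bits constant nothing is balanced; every intermediate choice agrees with the brute-force check.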

1.1 17-round LBlock

$$\begin{aligned} \{32\}\rightarrow & {} \{2,3,30,31\}\\ \{36\}\rightarrow & {} \{4,7,10,11\}\\ \{40\}\rightarrow & {} \{13,15,16,18\}\\ \{52\}\rightarrow & {} \{22,23,25,27\} \end{aligned}$$

1.2 16-round LBlock

\(\{32,34\}\rightarrow \{28\}\)

1.3 16-round TWINE

\(\{0\}\rightarrow \{0-3,8-11,16-19,24-27,32-35,40-43,48-51,56-59\}\)

1.4 SIMON

1.4.1 14-round SIMON32

\(\{0\}\rightarrow \{16-31\}\)

1.4.2 16-round SIMON48

\(\{0\}\rightarrow \{24-47\}\)

1.4.3 18-round SIMON64

\(\{0\}\rightarrow \{35,37,43-63\}\)

1.4.4 22-round SIMON96

\(\{12\}\rightarrow \{53,58,60,62,67\}\)

1.4.5 26-round SIMON128

\(\{12\}\rightarrow \{73,75,77\}\)

1.5 9-round Gift-64

\(\{61,62,63\}\rightarrow \{12,32,36,40,60\}\)

1.6 9-round Present

\(\{0,1,2,3\}\rightarrow \{63\}\)

1.7 8-round Clyde-64

\(\{0,4\}\rightarrow \{0\}\)


Cite this article

Khalesi, A., Ahmadian, Z. Provably minimum data complexity integral distinguisher based on conventional division property. J Comput Virol Hack Tech 20, 113–125 (2024). https://doi.org/10.1007/s11416-023-00502-0
