Abstract
Division property is an effective method for finding integral distinguishers for block ciphers, performing cube attacks on stream ciphers, and studying the algebraic degree of Boolean functions. One of the main problems in this field is how to provably find the smallest input multiset leading to a balanced output. In this paper, we propose a new method, based on the division property, for finding integral distinguishers for permutation functions and block ciphers with provably minimum data complexity in the conventional division property model. The method rests on a precise and efficient analysis of the algebraic normal form of the target output bit. We apply it to the LBlock, TWINE, SIMON, Present, Gift, and Clyde-128 block ciphers. Although in most cases the results coincide with the distinguishers reported in previous work, their optimality in the conventional division property model is now proved. Moreover, the proposed method finds distinguishers for 8-round Clyde-128 with lower data complexity than previously reported. Based on the proposed method, we also develop an algorithm that determines the maximum number of balanced output bits an integral distinguisher with a given number of active bits can have. Accordingly, for the ciphers under study, we determine the maximum number of balanced bits for integral distinguishers whose data complexity is set to the minimum and to slightly higher values, which yields improved distinguishers for Gift-64, Present, and SIMON64 in the conventional model.
Data Availability
The codes underlying this article are available on GitHub, at: https://github.com/khalesiakram/DivisionMinData.
Ethics declarations
Conflict of interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Distinguishers
The integral distinguishers of the studied ciphers obtained under the conventional division property are summarized below. A distinguisher is written \(\{i_0,\dots ,i_{s-1}\}\rightarrow \{j_0,\dots ,j_{t-1}\}\): the left-hand set lists the indices of the input bits that are held constant (every other input bit is active, so for an \(n\)-bit block the input set consists of \(2^{n-s}\) chosen plaintexts, which is the data complexity), and the right-hand set lists the indices of the output bits that are balanced, i.e. whose XOR over the whole input set is zero. A range such as 16-31 stands for every index from 16 to 31 inclusive.
1.1 17-round LBlock
1.2 16-round LBlock
\(\{32,34\}\rightarrow \{28\}\)
1.3 16-round TWINE
\(\{0\}\rightarrow \{0-3,8-11,16-19,24-27,32-35,40-43,48-51,56-59\}\)
1.4 SIMON
1.4.1 14-round SIMON32
\(\{0\}\rightarrow \{16-31\}\)
1.4.2 16-round SIMON48
\(\{0\}\rightarrow \{24-47\}\)
1.4.3 18-round SIMON64
\(\{0\}\rightarrow \{35,37,43-63\}\)
1.4.4 22-round SIMON96
\(\{12\}\rightarrow \{53,58,60,62,67\}\)
1.4.5 26-round SIMON128
\(\{12\}\rightarrow \{73,75,77\}\)
1.5 9-round Gift-64
\(\{61,62,63\}\rightarrow \{12,32,36,40,60\}\)
1.6 9-round Present
\(\{0,1,2,3\}\rightarrow \{63\}\)
1.7 8-round Clyde-128
\(\{0,4\}\rightarrow \{0\}\)
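How a distinguisher in the notation above is checked in practice, as an added example that is not code from the paper or from its DivisionMinData repository: the function below fixes the listed constant bits, runs through every value of the active bits, XORs the ciphertexts and reports which output bits sum to zero, which is the empirical counterpart of the balanced-output claim made in the abstract and in the tables above (the paper itself proves such claims by division-property propagation rather than by enumeration). SIMON32 serves as the target because its round function is a few lines. The state layout (left word in the high 16 bits, bit 0 least significant), the constructed round keys and the omission of the key schedule are assumptions of this example, and its bit numbering need not coincide with the numbering used in the tables. The demonstration relies only on the classical degree bound: after r SIMON rounds every output bit has algebraic degree at most 2^r, so any input set with more than 2^r active bits is balanced in every output bit, while a set that is too small leaves a quadratic term unbalanced.

```python
"""Exhaustive check of an integral distinguisher written in the appendix
notation {constant input bits} -> {balanced output bits}.

Added example; not code from the paper or the DivisionMinData repository.
Assumptions: SIMON32 round function per the NSA specification; the 32-bit
state is an int whose high 16 bits are the left word, so state bit i
(0 = least significant) is right-word bit i for i < 16 and left-word bit
i-16 for i >= 16; round keys are passed in directly (key schedule omitted,
since balancedness is key-independent).  This numbering is a convention of
this example and need not match the tables in the paper.
"""
from typing import Callable, Iterable, Sequence

MASK16 = 0xFFFF

# Constructed round keys for the demonstration; any values give the same
# balanced/unbalanced verdicts because the property is key-independent.
DEMO_ROUND_KEYS = [0x0100, 0x0908, 0x1110, 0x1918, 0x71C3, 0xB649, 0x2D8E, 0x5F07]


def rotl16(x: int, r: int) -> int:
    """Rotate a 16-bit word left by r positions."""
    return ((x << r) | (x >> (16 - r))) & MASK16


def simon32_encrypt(block: int, round_keys: Sequence[int]) -> int:
    """Apply one SIMON32 round per supplied round key to a 32-bit block."""
    left, right = (block >> 16) & MASK16, block & MASK16
    for k in round_keys:
        f = (rotl16(left, 1) & rotl16(left, 8)) ^ rotl16(left, 2)
        left, right = right ^ f ^ (k & MASK16), left
    return (left << 16) | right


def expand_bit_ranges(spec: str) -> set[int]:
    """Parse the appendix notation "0-3,8-11,63" into a set of bit indices."""
    bits: set[int] = set()
    for part in spec.replace(" ", "").split(","):
        if part:
            lo, _, hi = part.partition("-")
            bits.update(range(int(lo), int(hi or lo) + 1))
    return bits


def balanced_output_bits(encrypt: Callable[[int], int], block_bits: int,
                         constant_bits: Iterable[int],
                         constant_value: int = 0) -> set[int]:
    """Output bit positions whose XOR over the whole input set is zero.

    The input set fixes every bit in `constant_bits` to the matching bit of
    `constant_value` and runs through all values of the remaining (active)
    bits, i.e. 2^(block_bits - |constant_bits|) chosen plaintexts.
    """
    const_mask = 0
    for b in constant_bits:
        const_mask |= 1 << b
    active = [b for b in range(block_bits) if not (const_mask >> b) & 1]
    base = constant_value & const_mask
    acc = 0
    for counter in range(1 << len(active)):
        block = base
        for pos, b in enumerate(active):
            if (counter >> pos) & 1:
                block |= 1 << b
        acc ^= encrypt(block)
    return {i for i in range(block_bits) if not (acc >> i) & 1}


def verify_distinguisher(encrypt: Callable[[int], int], block_bits: int,
                         constant_spec: str, balanced_spec: str,
                         constant_value: int = 0) -> bool:
    """True iff every bit claimed balanced in `balanced_spec` really sums to
    zero over the input set defined by `constant_spec` (appendix notation)."""
    actual = balanced_output_bits(encrypt, block_bits,
                                  expand_bit_ranges(constant_spec), constant_value)
    return expand_bit_ranges(balanced_spec) <= actual


if __name__ == "__main__":
    # Degree argument: after r SIMON rounds every output bit has algebraic
    # degree at most 2^r, so a set with more than 2^r active bits sums every
    # output bit to zero.  4 rounds, active bits 0-16 (17 bits), 2^17 texts.
    enc4 = lambda b: simon32_encrypt(b, DEMO_ROUND_KEYS[:4])
    print("4-round SIMON32, {17-31} -> {0-31}:",
          verify_distinguisher(enc4, 32, "17-31", "0-31"))
    # With too few active bits the bound no longer applies: one round with
    # only left-word bits 8 and 15 active (state bits 24, 31) leaves the
    # quadratic term L15*L8 of left-word bit 0 (state bit 16) unbalanced.
    enc1 = lambda b: simon32_encrypt(b, DEMO_ROUND_KEYS[:1])
    print("1-round SIMON32, unbalanced bits:",
          sorted(set(range(32)) - balanced_output_bits(enc1, 32, set(range(32)) - {24, 31})))
```

The enumeration costs one encryption per element of the input set, so checking the 14-round SIMON32 entry above, \(\{0\}\rightarrow \{16-31\}\), means \(2^{31}\) encryptions: feasible offline in a compiled implementation, but well beyond a pure-Python demonstration, and the entries for the 64-, 96- and 128-bit ciphers cannot be verified exhaustively at all. That gap between what can be enumerated and what the tables claim is exactly why a provable method such as the one in this paper is needed; the script is useful for sanity-checking reduced-round or small-block cases and for catching indexing mistakes when transcribing a distinguisher.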
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Khalesi, A., Ahmadian, Z. Provably minimum data complexity integral distinguisher based on conventional division property. J Comput Virol Hack Tech 20, 113–125 (2024). https://doi.org/10.1007/s11416-023-00502-0