Finding Integral Distinguishers with Ease

  • Zahra Eskandari
  • Andreas Brasen Kidmose
  • Stefan Kölbl (corresponding author)
  • Tyge Tiessen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11349)


The division property is a technique for finding integral distinguishers on block ciphers. Although finding such distinguishers is computationally more demanding than classical integral analysis, it has recently been shown that MILP and SAT solvers can find them efficiently. In this paper, we provide a framework that finds these distinguishers automatically and requires only a description of the cryptographic primitive. We demonstrate this by finding integral distinguishers for 30 primitives with different design strategies.

We provide several new or improved bit-based division property distinguishers for ChaCha, Chaskey, DES, GIFT, LBlock, Mantis, Qarma, RoadRunner, Salsa and SM4. Furthermore, we present an algorithm to find distinguishers with lower data complexity more efficiently.
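The propagation the abstract refers to can be made concrete without a solver. The following is an added example written for this page, not code from the paper or from its tool: it runs the bit-based division property exactly, by set-based propagation of the COPY/XOR/AND-style rules through an S-box table (the rule of Xiang et al.: an output vector is reachable from k if the ANF of the selected output bits contains a monomial x^u with u >= k) and a bit permutation, on a toy 16-bit SPN that is an assumption of the example (four PRESENT S-boxes, a 16-bit version of PRESENT's bit permutation, one round = key XOR, S-box layer, permutation). It then checks empirically that the bits predicted balanced really XOR-sum to zero over the chosen-plaintext structure under random keys. The paper's framework does the same propagation with MILP/SAT solvers on full-size primitives, where enumerating the sets as done here is infeasible.

```python
"""Bit-based division property on a toy 16-bit SPN (added illustration, not the paper's tool).

Exact set-based propagation through r rounds, followed by an empirical check that the
bits predicted balanced really XOR-sum to zero. The cipher is an assumption made for the
example: four PRESENT S-boxes and a 16-bit shrink of PRESENT's bit permutation.
"""
import itertools
import random

N_BITS = 16
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]            # PRESENT S-box
PERM = [(4 * i) % 15 if i < 15 else 15 for i in range(16)]  # bit i moves to PERM[i]


def anf(truth_table):
    """Moebius transform: truth table indexed by x -> ANF coefficients indexed by monomial u."""
    c = list(truth_table)
    for i in range((len(c) - 1).bit_length()):
        for x in range(len(c)):
            if x & (1 << i):
                c[x] ^= c[x ^ (1 << i)]
    return c


def minimal(vectors):
    """Keep only minimal vectors: k is redundant if a proper submask of k is also present."""
    vs = set(vectors)
    keep = set()
    for k in vs:
        s, dominated = (k - 1) & k, False
        while k and not dominated:          # walk all proper submasks of k, down to 0
            dominated = s in vs
            if s == 0:
                break
            s = (s - 1) & k
        if not dominated:
            keep.add(k)
    return keep


def sbox_division_table(sbox):
    """Division trails k -> K' through one S-box: k' is reachable iff the ANF of the
    product of the output bits selected by k' contains a monomial x^u with u >= k."""
    n = (len(sbox) - 1).bit_length()
    anfs = [anf([int((sbox[x] & kp) == kp) for x in range(1 << n)]) for kp in range(1 << n)]
    return {k: minimal(kp for kp in range(1 << n)
                       if any(anfs[kp][u] and (u & k) == k for u in range(1 << n)))
            for k in range(1 << n)}


def permute(x):
    """Apply the bit permutation to a cipher state or to a division-property vector."""
    y = 0
    for i in range(N_BITS):
        if (x >> i) & 1:
            y |= 1 << PERM[i]
    return y


def propagate_round(K, table):
    """One round of division trails: S-box layer nibble by nibble, then the permutation.
    XOR with a round key (a constant) does not change the division property, so it is skipped."""
    nxt = set()
    for k in K:
        nibbles = [(k >> (4 * j)) & 0xF for j in range(4)]
        for combo in itertools.product(*(table[nb] for nb in nibbles)):
            nxt.add(permute(sum(c << (4 * j) for j, c in enumerate(combo))))
    return minimal(nxt)


def balanced_bits(K):
    """Output bit i sums to zero unless some k in K satisfies k <= e_i, i.e. k in {0, e_i}."""
    if 0 in K:
        return set()
    return {i for i in range(N_BITS) if (1 << i) not in K}


def division_property_balanced(active_mask, rounds, table=None):
    """Bits proven balanced after `rounds` rounds when the bits in active_mask take all values."""
    table = table or sbox_division_table(SBOX)
    K = {active_mask}                      # initial property: active bits 1, constant bits 0
    for _ in range(rounds):
        K = propagate_round(K, table)
    return balanced_bits(K)


def encrypt(pt, round_keys):
    x = pt
    for rk in round_keys:
        x ^= rk
        x = sum(SBOX[(x >> (4 * j)) & 0xF] << (4 * j) for j in range(4))
        x = permute(x)
    return x


def empirical_balanced(active_mask, rounds, trials=3, seed=1):
    """Encrypt the whole structure under random keys and constants (constructed inline)
    and return the bits whose ciphertext XOR-sum was zero in every trial."""
    rng = random.Random(seed)
    active = [i for i in range(N_BITS) if (active_mask >> i) & 1]
    still_zero = (1 << N_BITS) - 1
    for _ in range(trials):
        keys = [rng.getrandbits(N_BITS) for _ in range(rounds)]
        base = rng.getrandbits(N_BITS) & ~active_mask
        acc = 0
        for v in range(1 << len(active)):
            pt = base
            for b, i in enumerate(active):
                if (v >> b) & 1:
                    pt |= 1 << i
            acc ^= encrypt(pt, keys)
        still_zero &= ~acc
    return {i for i in range(N_BITS) if (still_zero >> i) & 1}


if __name__ == "__main__":
    tbl = sbox_division_table(SBOX)
    for r in range(1, 6):                  # low nibble active: 16 chosen plaintexts
        pred = division_property_balanced(0x000F, r, tbl)
        obs = empirical_balanced(0x000F, r)
        print(f"{r} rounds: proven balanced {sorted(pred)}, observed {sorted(obs)}")
```

Running the demo prints, for each number of rounds, the bits the division property proves balanced next to the bits observed balanced under random keys. With the low nibble active the propagation proves all 16 output bits balanced through three rounds. The proven set must always be a subset of the observed set: the method is sound but not necessarily tight, so a bit it cannot prove may still sum to zero for a particular key, while a bit it does prove is balanced for every key.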


Keywords: Integral attacks, Division property, Tool


Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Zahra Eskandari (1)
  • Andreas Brasen Kidmose (2)
  • Stefan Kölbl (2, 3), corresponding author
  • Tyge Tiessen (2)
  1. Department of Computer Engineering, Ferdowsi University of Mashhad, Mashhad, Iran
  2. DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark
  3. Cybercrypt, Copenhagen, Denmark
