Finding Integral Distinguishers with Ease

  • Zahra Eskandari
  • Andreas Brasen Kidmose
  • Stefan Kölbl (email author)
  • Tyge Tiessen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11349)

Abstract

The division property method is a technique for determining integral distinguishers on block ciphers. Although the complexity of finding these distinguishers is comparatively high, it has recently been shown that MILP and SAT solvers can find them efficiently. In this paper, we provide a framework that automatically finds such distinguishers and requires only a description of the cryptographic primitive. We demonstrate this by finding integral distinguishers for 30 primitives with different design strategies.

We provide several new or improved bit-based division property distinguishers for ChaCha, Chaskey, DES, GIFT, LBlock, Mantis, Qarma, RoadRunner, Salsa and SM4. Furthermore, we present an algorithm to find distinguishers with lower data complexity more efficiently.

Keywords

Integral attacks, Division property, Tool

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Zahra Eskandari (1)
  • Andreas Brasen Kidmose (2)
  • Stefan Kölbl (2, 3), email author
  • Tyge Tiessen (2)

  1. Department of Computer Engineering, Ferdowsi University of Mashhad, Mashhad, Iran
  2. DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark
  3. Cybercrypt, Copenhagen, Denmark