Efficient Methods to Search for Best Differential Characteristics on SKINNY

  • Conference paper
Applied Cryptography and Network Security (ACNS 2021)

Abstract

Evaluating resistance of ciphers against differential cryptanalysis is essential to define the number of rounds of new designs and to mount attacks derived from differential cryptanalysis.

In this paper, we propose automatic tools to find the best differential characteristics on the SKINNY block cipher. As is usual in the literature, we split this search into two stages, denoted Step 1 and Step 2. In Step 1, we aim at finding all truncated differential characteristics with a low enough number of active Sboxes. Then, in Step 2, we try to instantiate each difference value while maximizing the overall differential characteristic probability. We solve Step 1 using an ad-hoc method inspired by the work of Fouque et al., whereas Step 2 is modeled for the Choco-solver library, as it seems to outperform all previous methods on this stage.

Notably, for SKINNY-128 in the SK model and for 13 rounds, we retrieve the results of Abdelkhalek et al. within a few seconds (compared with 16 days) and we provide, for the first time, the best differential related-tweakey characteristics up to 14 rounds for the TK1 model. Regarding the TK2 and the TK3 models, we were not able to test all the solutions of Step 1, and thus the differential characteristics we found up to 16 and 17 rounds are not necessarily optimal.
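
The Step 2 idea from the abstract, reduced to a toy search (an added example, not the authors' Choco-solver model): for SKINNY-64 in the SK model it enumerates difference values through the S-box DDT and the linear layer, and returns the weight, i.e. \(-\log_2\) of the probability, of the best characteristic from a fixed input difference. The S-box, ShiftRows and MixColumns are taken from the SKINNY specification [3], and the names `ddt`, `linear_layer` and `best_weight` are chosen here.

```python
from math import log2

# SKINNY-64 S-box and ShiftRows (new[i] = old[SHIFT_ROWS[i]]), taken from the
# SKINNY specification [3]; neither is printed on this page.
SBOX = [0xC, 0x6, 0x9, 0x0, 0x1, 0xA, 0x2, 0xB,
        0x3, 0x8, 0x5, 0xD, 0x4, 0xE, 0x7, 0xF]
SHIFT_ROWS = [0, 1, 2, 3, 7, 4, 5, 6, 10, 11, 8, 9, 13, 14, 15, 12]

def ddt(sbox):
    """t[a][b] = number of inputs x with S(x) ^ S(x ^ a) == b."""
    t = [[0] * len(sbox) for _ in sbox]
    for a in range(len(sbox)):
        for x in range(len(sbox)):
            t[a][sbox[x] ^ sbox[x ^ a]] += 1
    return t

DDT = ddt(SBOX)

def linear_layer(state):
    """ShiftRows then MixColumns on 16 nibble differences (row-major, SK model)."""
    s = [state[p] for p in SHIFT_ROWS]
    out = [0] * 16
    for c in range(4):
        r0, r1, r2, r3 = s[c], s[4 + c], s[8 + c], s[12 + c]
        out[c], out[4 + c], out[8 + c], out[12 + c] = r0 ^ r2 ^ r3, r0, r1 ^ r2, r0 ^ r2
    return out

def best_weight(state, rounds):
    """Smallest -log2(probability) of any `rounds`-round SK characteristic
    starting from input difference `state` (depth-first, branch and bound)."""
    best = float("inf")
    def search(state, left, weight):
        nonlocal best
        active = [i for i, d in enumerate(state) if d]
        if left == 0 or not active:
            best = min(best, weight)
            return
        def assign(k, out, w):  # choose an output difference per active S-box
            if w >= best:
                return          # cannot beat the best characteristic found so far
            if k == len(active):
                return search(linear_layer(out), left - 1, w)
            a = state[active[k]]
            for b in sorted(range(1, 16), key=lambda b: -DDT[a][b]):
                if DDT[a][b]:
                    out[active[k]] = b
                    assign(k + 1, out, w - log2(DDT[a][b] / 16))
        assign(0, [0] * 16, weight)
    search(list(state), rounds, 0.0)
    return best
```

With one active nibble of value 1 in row 3, `best_weight` returns 4 for two rounds, while the same nibble in row 0 returns 8 because MixColumns spreads it to three S-boxes; this is why Step 1 first selects truncated patterns with few active Sboxes.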

The research leading to these results has received funding from the French National Research Agency (ANR) under the project Decrypt ANR-18-CE39-0007.

Notes

  1. See: https://www.gurobi.com/documentation/9.0/refman/threads.html.

  2. It seems that the use of the 128 threads was prohibited by the memory usage of XOR tables (i.e. XOR in extension).

References

  1. Abdelkhalek, A., Sasaki, Y., Todo, Y., Tolba, M., Youssef, A.M.: MILP modeling for (large) s-boxes to optimize probability of differential characteristics. IACR Trans. Symmetric Cryptol. 2017(4), 99–129 (2017)

  2. Alfarano, G.N., Beierle, C., Isobe, T., Kölbl, S., Leander, G.: ShiftRows alternatives for AES-like ciphers and optimal cell permutations for Midori and SKINNY. IACR Trans. Symmetric Cryptol. 2018(2), 20–47 (2018). https://doi.org/10.13154/tosc.v2018.i2.20-47

  3. Beierle, C., et al.: The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 123–153. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53008-5_5

  4. Biham, E.: New types of cryptanalytic attacks using related keys. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 398–409. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48285-7_34

  5. Biham, E., Shamir, A.: Differential cryptanalysis of feal and n-hash. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 1–16. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-46416-6_1

  6. Biryukov, A., Nikolić, I.: Automatic search for related-key differential characteristics in byte-oriented block ciphers: application to AES, Camellia, Khazad and others. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 322–344. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_17

  7. Delaune, S., Derbez, P., Huynh, P., Minier, M., Mollimard, V., Prud’Homme, C.: SKINNY with scalpel comparing tools for differential analysis (April 2021). https://hal.archives-ouvertes.fr/hal-03040548, working paper or preprint

  8. Demeulenaere, J., et al.: Compact-table: efficiently filtering table constraints with reversible sparse bit-sets. In: Rueher, M. (ed.) CP 2016. LNCS, vol. 9892, pp. 207–223. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44953-1_14

  9. Eichlseder, M., Nageler, M., Primas, R.: Analyzing the linear keystream biases in AEGIS. IACR Trans. Symmetric Cryptol. 2019(4), 348–368 (2019)

  10. Fouque, P.-A., Jean, J., Peyrin, T.: Structural evaluation of AES, and chosen-key distinguisher of 9-Round AES-128. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 183–203. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_11

  11. Gérault, D., Lafourcade, P., Minier, M., Solnon, C.: Revisiting AES related-key differential attacks with constraint programming. Inf. Process. Lett. 139, 24–29 (2018)

  12. Gerault, D., Lafourcade, P., Minier, M., Solnon, C.: Computing AES related-key differential characteristics with constraint programming. Artif. Intell. 278, 103183 (2020)

  13. Gerault, D., Minier, M., Solnon, C.: Constraint programming models for chosen key differential cryptanalysis. In: Rueher, M. (ed.) CP 2016. LNCS, vol. 9892, pp. 584–601. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44953-1_37

  14. Jean, J.: TikZ for cryptographers (2016). https://www.iacr.org/authors/tikz/

  15. Jean, J., Nikolić, I., Peyrin, T.: Tweaks and keys for block ciphers: the TWEAKEY framework. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 274–288. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45608-8_15

  16. Knudsen, L.R.: Truncated and higher order differentials. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 196–211. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-60590-8_16

  17. Kölbl, S., Leander, G., Tiessen, T.: Observations on the SIMON block cipher family. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 161–185. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_8

  18. Lafitte, F.: Cryptosat: a tool for sat-based cryptanalysis. IET Inf. Secur. 12(6), 463–474 (2018)

  19. Liu, G., Ghosh, M., Song, L.: Security analysis of SKINNY under related-tweakey settings (long paper). IACR Trans. Symmetric Cryptol. 2017(3), 37–72 (2017). https://doi.org/10.13154/tosc.v2017.i3.37-72

  20. Matsui, M.: On correlation between the order of S-boxes and the strength of DES. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 366–375. Springer, Heidelberg (1995). https://doi.org/10.1007/BFb0053451

  21. Mouha, N., Preneel, B.: A proof that the ARX cipher salsa20 is secure against differential cryptanalysis. IACR Cryptol. ePrint Arch. 2013, 328 (2013). http://eprint.iacr.org/2013/328

  22. Prud’homme, C., Fages, J.G., Lorca, X.: Choco documentation. TASC, INRIA Rennes, LINA CNRS UMR 6241, COSLING S.A.S. (2016). http://www.choco-solver.org

  23. Rossi, F., Beek, P.V., Walsh, T.: Handbook of Constraint Programming (Foundations of Artificial Intelligence). Elsevier Science Inc., New York (2006)

  24. Sasaki, Yu., Todo, Y.: New impossible differential search tool from design and cryptanalysis aspects. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10212, pp. 185–215. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56617-7_7

  25. Song, L., Qin, X., Hu, L.: Boomerang connectivity table revisited. Application to SKINNY and AES. IACR Trans. Symmetric Cryptol. 2019(1), 118–141 (2019). https://doi.org/10.13154/tosc.v2019.i1.118-141

  26. Soos, M., Nohl, K., Castelluccia, C.: Extending SAT solvers to cryptographic problems. In: Kullmann, O. (ed.) SAT 2009. LNCS, vol. 5584, pp. 244–257. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02777-2_24

  27. Sun, L., Wang, W., Wang, M.: Automatic search of bit-based division property for ARX ciphers and word-based division property. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 128–157. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70694-8_5

  28. Sun, L., Wang, W., Wang, M.: More accurate differential properties of LED64 and Midori64. IACR Trans. Symmetric Cryptol. 2018(3), 93–123 (2018)

  29. Sun, S., et al.: Analysis of AES, SKINNY, and others with constraint programming. In: 24th International Conference on Fast Software Encryption (2017)

  30. Sun, S., Hu, L., Wang, P., Qiao, K., Ma, X., Song, L.: Automatic security evaluation and (related-key) differential characteristic search: application to SIMON, PRESENT, LBlock, DES(L) and other bit-oriented block ciphers. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 158–178. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45611-8_9

  31. Zhao, B., Dong, X., Meier, W., Jia, K., Wang, G.: Generalized related-key rectangle attacks on block ciphers with linear key schedule: applications to SKINNY and GIFT. Des. Codes Cryptogr. 88(6), 1103–1126 (2020). https://doi.org/10.1007/s10623-020-00730-1


Author information

Corresponding author

Correspondence to Stéphanie Delaune.

Appendices

A Best (Related-Tweakey) Differential Characteristics for SKINNY-64

The best SK differential characteristic on 7 rounds of SKINNY-64, with probability equal to \(2^{-52}\), is given in Table 6. The best TK1 differential characteristic on 10 rounds of SKINNY-64, with probability equal to \(2^{-46}\), is given in Table 7. The best TK2 differential characteristic on 13 rounds of SKINNY-64, with probability equal to \(2^{-55}\), is given in Table 8. The best TK3 differential characteristic on 15 rounds of SKINNY-64, with probability equal to \(2^{-54}\), is given in Table 9.

Table 6. The best SK differential characteristic on 7 rounds of SKINNY-64, with probability equal to \(2^{-52}\). The four words represent the four rows of the state and are given in hexadecimal notation.

Table 7. The best TK1 differential characteristic on 10 rounds of SKINNY-64, with probability equal to \(2^{-46}\). The four words represent the four rows of the state and are given in hexadecimal notation.

Table 8. The best TK2 differential characteristic on 13 rounds of SKINNY-64, with probability equal to \(2^{-55}\). The four words represent the four rows of the state and are given in hexadecimal notation.

Table 9. The best TK3 differential characteristic on 15 rounds of SKINNY-64, with probability equal to \(2^{-54}\). The four words represent the four rows of the state and are given in hexadecimal notation.

B Best (Related-Tweakey) Differential Characteristics for SKINNY-128

For the SK model on 13 rounds of SKINNY-128, we obtain the same best differential characteristic, with probability equal to \(2^{-123}\), as the one given in Table 11 of Appendix D of [1]. The best TK1 differential characteristic on 14 rounds of SKINNY-128, with probability equal to \(2^{-120}\), is given in Table 10. The best TK2 differential characteristic on 16 rounds of SKINNY-128 that we found, with probability equal to \(2^{-127.6}\), is given in Table 11. The best TK3 differential characteristic on 17 rounds of SKINNY-128 that we found, with probability equal to \(2^{-110}\), is given in Table 12.

Table 10. The best TK1 differential characteristic on 14 rounds of SKINNY-128, with probability equal to \(2^{-120}\). The four words represent the four rows of the state and are given in hexadecimal notation.

Table 11. The best TK2 differential characteristic we found on 16 rounds of SKINNY-128, with probability equal to \(2^{-127.6}\). The four words represent the four rows of the state and are given in hexadecimal notation.

Table 12. The best TK3 differential characteristic we found on 17 rounds of SKINNY-128, with probability equal to \(2^{-110}\). The four words represent the four rows of the state and are given in hexadecimal notation.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Delaune, S., Derbez, P., Huynh, P., Minier, M., Mollimard, V., Prud’homme, C. (2021). Efficient Methods to Search for Best Differential Characteristics on SKINNY. In: Sako, K., Tippenhauer, N.O. (eds) Applied Cryptography and Network Security. ACNS 2021. Lecture Notes in Computer Science, vol 12727. Springer, Cham. https://doi.org/10.1007/978-3-030-78375-4_8

  • DOI: https://doi.org/10.1007/978-3-030-78375-4_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-78374-7

  • Online ISBN: 978-3-030-78375-4

  • eBook Packages: Computer Science (R0)
