Abstract
The most crucial but time-consuming task for differential cryptanalysis is to find a differential with a high probability. To tackle this task, we propose a new SAT-based automatic search framework to efficiently figure out a differential with the highest probability under a specified condition. As the previous SAT methods (e.g., the Sun et al.’s method proposed at ToSC 2021(1)) focused on accelerating the search of an optimal single differential characteristic, these are not optimized for evaluating a clustering effect to obtain a tighter differential probability of differentials. In contrast, our framework takes advantage of a method to solve incremental SAT problems in parallel using a multi-threading technique, and consequently, it offers the following advantages compared with the previous methods: (1) speedy identification of a differential with the highest probability under the specified conditions; (2) efficient construction of the truncated differential with the highest probability from the obtained multiple differentials; and (3) applicability to a wide class of the symmetric-key primitives. To demonstrate the effectiveness of our framework, we apply it to the block cipher PRINCE and the tweakable block cipher QARMA. We successfully figure out the tight differential bounds for all variants of PRINCE and QARMA within the practical time, thereby identifying the longest distinguisher for all the variants, which improves existing ones by one to four more rounds. Besides, we uncover notable differences between PRINCE and QARMA in the behavior of differential, especially for the clustering effect. We believe that our findings shed light on new structural properties of these important primitives.
Due to the page limitation, we leave the part of (1) descriptions of several basic algorithms and SAT models, (2) a detailed explanation of our investigation about the impact of multi-threading techniques, (3) key-recovery attacks, and (4) discussion of good parameters in our algorithms to the full version of this paper (https://eprint.iacr.org/2023/1227).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
CryptoMiniSat5 is the winner of the incremental library track at SAT competition 2020.
- 3.
References
Ankele, R., Dobraunig, C., Guo, J., Lambooij, E., Leander, G., Todo, Y.: Zero-correlation attacks on tweakable block ciphers with linear tweakey expansion. IACR Trans. Symmetric Cryptol. 2019(1), 192–235 (2019)
Ankele, R., Kölbl, S.: Mind the gap - a closer look at the security of block ciphers against differential cryptanalysis. In: Cid, C., Jacobson, M., Jr. (eds.) SAC 2018. LNCS, vol. 11349, pp. 163–190. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-10970-7_8
Avanzi, R.: The QARMA block cipher family. Almost MDS matrices over rings with zero divisors, nearly symmetric even-mansour constructions with non-involutory central rounds, and search heuristics for low-latency s-boxes. IACR Trans. Symmetric Cryptol. 2017(1), 4–44 (2017)
Bailleux, O., Boufkhad, Y.: Efficient CNF encoding of Boolean cardinality constraints. In: Rossi, F. (ed.) CP 2003. LNCS, vol. 2833, pp. 108–122. Springer, Cham (2003). https://doi.org/10.1007/978-3-540-45193-8_8
Banik, S., et al.: Midori: a block cipher for low energy. In: Iwata, T., Cheon, J. (eds.) ASIACRYPT 2015. LNSC, vol. 9453, pp. 411–436. Springer, Cham (2015). https://doi.org/10.1007/978-3-662-48800-3_17
Beierle, C., et al.: The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNSC, vol. 9815, pp. 123–153. Springer, Cham (2016). https://doi.org/10.1007/978-3-662-53008-5_5
Biham, E., Shamir, A.: Differential cryptanalysis of des-like cryptosystems. In: Menezes, A.J., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Cham (1990). https://doi.org/10.1007/3-540-38424-3_1
Biryukov, A., Roy, A., Velichkov, V.: Differential analysis of block ciphers SIMON and SPECK. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNSC, vol. 8540, pp. 546–570. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-46706-0_28
Borghoff, J., et al.: PRINCE - a low-latency block cipher for pervasive computing applications - extended abstract. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNSC, vol. 7658, pp. 208–225. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_14
Boura, C., David, N., Boissier, R.H., Naya-Plasencia, M.: Better steady than speedy: full break of SPEEDY-7-192. IACR Cryptology ePrint Archive, p. 1351 (2022)
Bozilov, D., et al.: PRINCEv2 - more security for (almost) no overhead. In: Dunkelman, O., Jacobson, M.J., Jr., O’Flynn, C. (eds.) SAC 2020. LNSC, vol. 12804, pp. 483–511. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-81652-0_19
Canteaut, A., Fuhr, T., Gilbert, H., Naya-Plasencia, M., Reinhard, J.: Multiple differential cryptanalysis of round-reduced PRINCE. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNSC, vol. 8540, pp. 591–610. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-46706-0_30
Cook, S.A.: The complexity of theorem-proving procedures. In: STOC, pp. 151–158. ACM (1971)
Ding, Y., Zhao, J., Li, L., Yu, H.: Impossible differential analysis on round-reduced PRINCE. J. Inf. Sci. Eng. 33(4), 1041–1053 (2017)
Dobraunig, C., Eichlseder, M., Kales, D., Mendel, F.: Practical key-recovery attack on MANTIS5. IACR Trans. Symmetric Cryptol. 2016(2), 248–260 (2016)
Eén, N., Biere, A.: Effective preprocessing in SAT through variable and clause elimination. In: Bacchus, F., Walsh, T. (eds.) SAT 2005. LNTCS, vol. 3569, pp. 61–75. Springer, Heidelberg (2005). https://doi.org/10.1007/11499107_5
Erlacher, J., Mendel, F., Eichlseder, M.: Bounds for the security of ascon against differential and linear cryptanalysis. IACR Trans. Symmetric Cryptol. 2022(1), 64–87 (2022)
Kölbl, S., Leander, G., Tiessen, T.: Observations on the SIMON block cipher family. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNSC, vol. 9215, pp. 161–185. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_8
Kölbl, S., Roy, A.: A brief comparison of simon and simeck. In: Bogdanov, A. (ed.) LightSec 2016. LNSC, vol. 10098, pp. 69–88. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-55714-4_6
Lai, X., Massey, J.L., Murphy, S.: Markov ciphers and differential cryptanalysis. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 17–38. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-46416-6_2
Leander, G., Moos, T., Moradi, A., Rasoolzadeh, S.: The SPEEDY family of block ciphers engineering an ultra low-latency cipher from gate level for secure processor architectures. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2021(4), 510–545 (2021)
Li, M., Hu, K., Wang, M.: Related-tweak statistical saturation cryptanalysis and its application on QARMA. IACR Trans. Symmetric Cryptol. 2019(1), 236–263 (2019)
Liu, Y., Zang, T., Gu, D., Zhao, F., Li, W., Liu, Z.: Improved cryptanalysis of reduced-version QARMA-64/128. IEEE Access 8, 8361–8370 (2020)
Matsui, M.: On correlation between the order of S-boxes and the strength of DES. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 366–375. Springer, Heidelberg (1994). https://doi.org/10.1007/BFb0053451
Sinz, C.: Towards an optimal CNF encoding of Boolean cardinality constraints. In: van Beek, P. (ed.) CP 2005. LNPSE, vol. 3709, pp. 827–831. Springer, Heidelberg (2005). https://doi.org/10.1007/11564751_73
Sun, L., Wang, W., Wang, M.: More accurate differential properties of LED64 and Midori64. IACR Trans. Symmetric Cryptol. 2018(3), 93–123 (2018)
Sun, L., Wang, W., Wang, M.: Accelerating the search of differential and linear characteristics with the SAT method. IACR Trans. Symmetric Cryptol. 2021(1), 269–315 (2021)
Yang, D., Qi, W., Chen, H.: Impossible differential attack on QARMA family of block ciphers. IACR Cryptology ePrint Archive, p. 334 (2018)
Yang, G., Zhu, B., Suder, V., Aagaard, M.D., Gong, G.: The Simeck family of lightweight block ciphers. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNSC, vol. 9293, pp. 307–329. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48324-4_16
Zong, R., Dong, X.: MILP-aided related-tweak/key impossible differential attack and its applications to QARMA, Joltik-BC. IEEE Access 7, 153683–153693 (2019)
Acknowledgments
Takanori Isobe is supported by JST, PRESTO Grant Number JPMJPR2031. These research results were also obtained from the commissioned research (No. 05801) by National Institute of Information and Communications Technology (NICT), Japan.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Sakamoto, K., Ito, R., Isobe, T. (2024). Parallel SAT Framework to Find Clustering of Differential Characteristics and Its Applications. In: Carlet, C., Mandal, K., Rijmen, V. (eds) Selected Areas in Cryptography – SAC 2023. SAC 2023. Lecture Notes in Computer Science, vol 14201. Springer, Cham. https://doi.org/10.1007/978-3-031-53368-6_20
Download citation
DOI: https://doi.org/10.1007/978-3-031-53368-6_20
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-53367-9
Online ISBN: 978-3-031-53368-6
eBook Packages: Computer ScienceComputer Science (R0)