• PDF / 505,710 Bytes
• 31 Pages / 439.37 x 666.142 pts Page_size
• 9 Downloads / 189 Views

DOWNLOAD

REPORT

State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China {xiangzejun,zhangwentao,baozhenzhen,ddlin}@iie.ac.cn 2 University of Chinese Academy of Sciences, Beijing, China

Abstract. Division property is a generalized integral property proposed by Todo at EUROCRYPT 2015, and very recently, Todo et al. proposed bit-based division property and applied to SIMON32 at FSE 2016. However, this technique can only be applied to block ciphers with block size no larger than 32 due to its high time and memory complexity. In this paper, we extend Mixed Integer Linear Programming (MILP) method, which is used to search differential characteristics and linear trails of block ciphers, to search integral distinguishers of block ciphers based on division property with block size larger than 32. Firstly, we study how to model division property propagations of three basic operations (copy, bitwise AND, XOR) and an Sbox operation by linear inequalities, based on which we are able to construct a linear inequality system which can accurately describe the division property propagations of a block cipher given an initial division property. Secondly, by choosing an appropriate objective function, we convert a search algorithm under Todo’s framework into an MILP problem, and we use this MILP problem appropriately to search integral distinguishers. As an application of our technique, we have searched integral distinguishers for SIMON, SIMECK, PRESENT, RECTANGLE, LBlock and TWINE. Our results show that we can find 14-, 16-, 18-, 22- and 26-round integral distinguishers for SIMON32, 48, 64, 96 and 128 respectively. Moreover, for two SP-network lightweight block ciphers PRESENT and RECTANGLE, we found 9-round integral distinguishers for both ciphers which are two more rounds than the best integral distinguishers in the literature [22, 29]. For LBlock and TWINE, our results are consistent with the best known ones with respect to the longest distinguishers. Keywords: MILP SIMON · SIMECK

1

· Division property · Integral cryptanalysis · · PRESENT · RECTANGLE · LBlock · TWINE

Introduction

Programming problem is a mathematical optimization which aims to achieve the minimal or maximal value of an objective function under certain constraints, and c International Association for Cryptologic Research 2016  J.H. Cheon and T. Takagi (Eds.): ASIACRYPT 2016, Part I, LNCS 10031, pp. 648–678, 2016. DOI: 10.1007/978-3-662-53887-6 24

Applying MILP Method to Searching Integral Distinguishers

649

it has a wide range of applications from industry to academic community. Mixed Integer Linear Programming (MILP) is a kind of programming problem whose objective function and constraints are linear, and all or some of the variables involved in the problem are restricted to be integers. In recent years, MILP has found its applications in cryptographic community. Mouha et al. [11] and Wu et al. [21] applied MILP method to automatically count differential and linear active Sboxes for word-based block ci

Recommend Documents

Dietary Recommendations for Lightweight Block Ciphers: Power, Energy and Area Analysis of Recently Developed Architectur

143 81 273KB

Performance analysis of current lightweight stream ciphers for constrained environments

169 35 864KB

How to Build Optimally Secure PRFs Using Block Ciphers

165 13 22MB

Tweaking Key-Alternating Feistel Block Ciphers

139 40 10MB

Lower Bounds on the Degree of Block Ciphers

177 73 22MB

Randomized Substitution Method for Effectively Secure Block Ciphers in I.O.T Environment

140 54 2MB

Weighted Lightweight Image Retrieval Method Based on Linear Regression

148 60 22MB

VLSI Implementation of ESF and QTL Lightweight Ciphers

139 50 50MB

A Lightweight Indoor Location Method Based on Image Fingerprint

199 88 88MB

A MILP-Based Approach for Hydrothermal Scheduling

139 92 138KB

PriPresent: an embedded prime LightWeight block cipher for smart devices

171 79 3MB

Research on Differential Power Analysis of Lightweight Block Cipher LED

195 97 168MB