TY - GEN
T1 - Automatic Key Recovery of Feistel Ciphers
T2 - 16th International Conference on Information Security Practice and Experience, ISPEC 2021
AU - Zhang, Yingjie
AU - Lyu, Lijun
AU - Qiao, Kexin
AU - Zhang, Zhiyu
AU - Sun, Siwei
AU - Hu, Lei
N1 - Publisher Copyright:
© 2021, Springer Nature Switzerland AG.
PY - 2021
Y1 - 2021
N2 - Linear cryptanalysis is one of the most effective statistical analysis methods on symmetric-key ciphers. It has benefited from many improvements since being proposed. Among these works, Antonio et al. proposed a fast arbitrary-round key recovery method based on Fast Walsh-Hadamard Transform (FWHT) in EUROCRYPT 2020. However, they did not promote their method on the Feistel structure, which is used widely. In addition, there are very few automatic methods for the key recovery phase. This paper extends Antonio et al.’s method to the Feistel structure and builds a Mixed-Integer Linear Programming (MILP) model to determine the guessed subkeys automatically. Due to this, we can automatically optimize the time complexity of linear cryptanalysis. Afterward, we apply our method to SIMON and SIMECK and increase the attackable rounds of SIMON64/96, SIMON64/128, SIMON96/96, SIMON96/144, SIMECK48/96, and SIMECK64/128 by one round to 31, 32, 38, 39, 31, and 38, respectively.
AB - Linear cryptanalysis is one of the most effective statistical analysis methods on symmetric-key ciphers. It has benefited from many improvements since being proposed. Among these works, Antonio et al. proposed a fast arbitrary-round key recovery method based on Fast Walsh-Hadamard Transform (FWHT) in EUROCRYPT 2020. However, they did not promote their method on the Feistel structure, which is used widely. In addition, there are very few automatic methods for the key recovery phase. This paper extends Antonio et al.’s method to the Feistel structure and builds a Mixed-Integer Linear Programming (MILP) model to determine the guessed subkeys automatically. Due to this, we can automatically optimize the time complexity of linear cryptanalysis. Afterward, we apply our method to SIMON and SIMECK and increase the attackable rounds of SIMON64/96, SIMON64/128, SIMON96/96, SIMON96/144, SIMECK48/96, and SIMECK64/128 by one round to 31, 32, 38, 39, 31, and 38, respectively.
KW - FWHT
KW - Feistel structure
KW - Linear cryptanalysis
KW - MILP
KW - Matsui’s Algorithm 2
KW - SIMECK
KW - SIMON
UR - http://www.scopus.com/inward/record.url?scp=85122011496&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-93206-0_10
DO - 10.1007/978-3-030-93206-0_10
M3 - Conference contribution
AN - SCOPUS:85122011496
SN - 9783030932053
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 147
EP - 167
BT - Information Security Practice and Experience - 16th International Conference, ISPEC 2021, Proceedings
A2 - Deng, Robert
A2 - Bao, Feng
A2 - Wang, Guilin
A2 - Shen, Jian
A2 - Ryan, Mark
A2 - Meng, Weizhi
A2 - Wang, Ding
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 17 December 2021 through 19 December 2021
ER -