Extending the applicability of the mixed-integer programming technique in automatic differential cryptanalysis

Siwei Sun; Lei Hu; Meiqin Wang; Qianqian Yang; Kexin Qiao; Xiaoshuang Ma; Ling Song; Jinyong Shan

doi:10.1007/978-3-319-23318-5_8

Extending the applicability of the mixed-integer programming technique in automatic differential cryptanalysis

Siwei Sun, Lei Hu^*, Meiqin Wang, Qianqian Yang, Kexin Qiao, Xiaoshuang Ma, Ling Song, Jinyong Shan

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Citations (Scopus)

Abstract

We focus on extending the applicability of the mixed-integer programming (MIP) based method in differential cryptanalysis such that more work can be done automatically. Firstly, we show how to use the MIP-based technique to obtain almost all high probability 2-round iterative related-key differential characteristics of PRIDE (a block cipher proposed in CRYPTO 2014) automatically by treating the (formula presented) function with a special kind of modulo addition operations in the key schedule algorithm of PRIDE as an 8 × 8 S-box and partially modelling its differential behavior with linear inequalities. Note that some of the characteristics presented in this paper has not been found before, and all the characteristics we found can be used to attack the full-round PRIDE in the related-key model. Secondly, we show how to construct MIP models whose feasible regions are exactly the sets of all possible differential characteristics of SIMON (a family of lightweight block ciphers designed by the U.S. National Security Agency). With this method, there is no need to filter out invalid characteristics due to the dependent inputs of the AND operations. Finally, we present an MIP-based method which can be used to automatically analyze how the differences at the beginning and end of a differential distinguisher propagate upwards and downward. Note that how the differences at the ends of a differential distinguisher propagate, together with the probability of the differential distinguisher, determine how many outer rounds can be added to the distinguisher, which key bits can be recovered without exhaustive search, and how to identify wrong pairs in the filtering process. We think this work serves to further strengthens the position of the MIP as a promising tool in automatic differential cryptanalysis.

Original language	English
Title of host publication	Information Security - 18th International Conference, ISC 2015, Proceedings
Editors	Javier Lopez, Chris J. Mitchell
Publisher	Springer Verlag
Pages	141-157
Number of pages	17
ISBN (Print)	9783319233178
DOIs	https://doi.org/10.1007/978-3-319-23318-5_8
Publication status	Published - 2015
Externally published	Yes
Event	18th International Conference on Information Security, ISC 2015 - Trondheim, Norway Duration: 9 Sept 2015 → 11 Sept 2015

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9290
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	18th International Conference on Information Security, ISC 2015
Country/Territory	Norway
City	Trondheim
Period	9/09/15 → 11/09/15

Keywords

Automatic cryptanalysis
Mixed-integer programming
PRIDE
Related-key differential attack

Access to Document

10.1007/978-3-319-23318-5_8

Cite this

Sun, S., Hu, L., Wang, M., Yang, Q., Qiao, K., Ma, X., Song, L., & Shan, J. (2015). Extending the applicability of the mixed-integer programming technique in automatic differential cryptanalysis. In J. Lopez, & C. J. Mitchell (Eds.), Information Security - 18th International Conference, ISC 2015, Proceedings (pp. 141-157). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9290). Springer Verlag. https://doi.org/10.1007/978-3-319-23318-5_8

Sun, Siwei ; Hu, Lei ; Wang, Meiqin et al. / Extending the applicability of the mixed-integer programming technique in automatic differential cryptanalysis. Information Security - 18th International Conference, ISC 2015, Proceedings. editor / Javier Lopez ; Chris J. Mitchell. Springer Verlag, 2015. pp. 141-157 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{eec86514eb934144965e39dc62126956,

title = "Extending the applicability of the mixed-integer programming technique in automatic differential cryptanalysis",

abstract = "We focus on extending the applicability of the mixed-integer programming (MIP) based method in differential cryptanalysis such that more work can be done automatically. Firstly, we show how to use the MIP-based technique to obtain almost all high probability 2-round iterative related-key differential characteristics of PRIDE (a block cipher proposed in CRYPTO 2014) automatically by treating the (formula presented) function with a special kind of modulo addition operations in the key schedule algorithm of PRIDE as an 8 × 8 S-box and partially modelling its differential behavior with linear inequalities. Note that some of the characteristics presented in this paper has not been found before, and all the characteristics we found can be used to attack the full-round PRIDE in the related-key model. Secondly, we show how to construct MIP models whose feasible regions are exactly the sets of all possible differential characteristics of SIMON (a family of lightweight block ciphers designed by the U.S. National Security Agency). With this method, there is no need to filter out invalid characteristics due to the dependent inputs of the AND operations. Finally, we present an MIP-based method which can be used to automatically analyze how the differences at the beginning and end of a differential distinguisher propagate upwards and downward. Note that how the differences at the ends of a differential distinguisher propagate, together with the probability of the differential distinguisher, determine how many outer rounds can be added to the distinguisher, which key bits can be recovered without exhaustive search, and how to identify wrong pairs in the filtering process. We think this work serves to further strengthens the position of the MIP as a promising tool in automatic differential cryptanalysis.",

keywords = "Automatic cryptanalysis, Mixed-integer programming, PRIDE, Related-key differential attack",

author = "Siwei Sun and Lei Hu and Meiqin Wang and Qianqian Yang and Kexin Qiao and Xiaoshuang Ma and Ling Song and Jinyong Shan",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.; 18th International Conference on Information Security, ISC 2015 ; Conference date: 09-09-2015 Through 11-09-2015",

year = "2015",

doi = "10.1007/978-3-319-23318-5_8",

language = "English",

isbn = "9783319233178",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "141--157",

editor = "Javier Lopez and Mitchell, {Chris J.}",

booktitle = "Information Security - 18th International Conference, ISC 2015, Proceedings",

address = "Germany",

}

Sun, S, Hu, L, Wang, M, Yang, Q, Qiao, K, Ma, X, Song, L & Shan, J 2015, Extending the applicability of the mixed-integer programming technique in automatic differential cryptanalysis. in J Lopez & CJ Mitchell (eds), Information Security - 18th International Conference, ISC 2015, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9290, Springer Verlag, pp. 141-157, 18th International Conference on Information Security, ISC 2015, Trondheim, Norway, 9/09/15. https://doi.org/10.1007/978-3-319-23318-5_8

Extending the applicability of the mixed-integer programming technique in automatic differential cryptanalysis. / Sun, Siwei; Hu, Lei; Wang, Meiqin et al.
Information Security - 18th International Conference, ISC 2015, Proceedings. ed. / Javier Lopez; Chris J. Mitchell. Springer Verlag, 2015. p. 141-157 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9290).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Extending the applicability of the mixed-integer programming technique in automatic differential cryptanalysis

AU - Sun, Siwei

AU - Hu, Lei

AU - Wang, Meiqin

AU - Yang, Qianqian

AU - Qiao, Kexin

AU - Ma, Xiaoshuang

AU - Song, Ling

AU - Shan, Jinyong

N1 - Publisher Copyright: © Springer International Publishing Switzerland 2015.

PY - 2015

Y1 - 2015

N2 - We focus on extending the applicability of the mixed-integer programming (MIP) based method in differential cryptanalysis such that more work can be done automatically. Firstly, we show how to use the MIP-based technique to obtain almost all high probability 2-round iterative related-key differential characteristics of PRIDE (a block cipher proposed in CRYPTO 2014) automatically by treating the (formula presented) function with a special kind of modulo addition operations in the key schedule algorithm of PRIDE as an 8 × 8 S-box and partially modelling its differential behavior with linear inequalities. Note that some of the characteristics presented in this paper has not been found before, and all the characteristics we found can be used to attack the full-round PRIDE in the related-key model. Secondly, we show how to construct MIP models whose feasible regions are exactly the sets of all possible differential characteristics of SIMON (a family of lightweight block ciphers designed by the U.S. National Security Agency). With this method, there is no need to filter out invalid characteristics due to the dependent inputs of the AND operations. Finally, we present an MIP-based method which can be used to automatically analyze how the differences at the beginning and end of a differential distinguisher propagate upwards and downward. Note that how the differences at the ends of a differential distinguisher propagate, together with the probability of the differential distinguisher, determine how many outer rounds can be added to the distinguisher, which key bits can be recovered without exhaustive search, and how to identify wrong pairs in the filtering process. We think this work serves to further strengthens the position of the MIP as a promising tool in automatic differential cryptanalysis.

AB - We focus on extending the applicability of the mixed-integer programming (MIP) based method in differential cryptanalysis such that more work can be done automatically. Firstly, we show how to use the MIP-based technique to obtain almost all high probability 2-round iterative related-key differential characteristics of PRIDE (a block cipher proposed in CRYPTO 2014) automatically by treating the (formula presented) function with a special kind of modulo addition operations in the key schedule algorithm of PRIDE as an 8 × 8 S-box and partially modelling its differential behavior with linear inequalities. Note that some of the characteristics presented in this paper has not been found before, and all the characteristics we found can be used to attack the full-round PRIDE in the related-key model. Secondly, we show how to construct MIP models whose feasible regions are exactly the sets of all possible differential characteristics of SIMON (a family of lightweight block ciphers designed by the U.S. National Security Agency). With this method, there is no need to filter out invalid characteristics due to the dependent inputs of the AND operations. Finally, we present an MIP-based method which can be used to automatically analyze how the differences at the beginning and end of a differential distinguisher propagate upwards and downward. Note that how the differences at the ends of a differential distinguisher propagate, together with the probability of the differential distinguisher, determine how many outer rounds can be added to the distinguisher, which key bits can be recovered without exhaustive search, and how to identify wrong pairs in the filtering process. We think this work serves to further strengthens the position of the MIP as a promising tool in automatic differential cryptanalysis.

KW - Automatic cryptanalysis

KW - Mixed-integer programming

KW - PRIDE

KW - Related-key differential attack

UR - http://www.scopus.com/inward/record.url?scp=84945897667&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-23318-5_8

DO - 10.1007/978-3-319-23318-5_8

M3 - Conference contribution

AN - SCOPUS:84945897667

SN - 9783319233178

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 141

EP - 157

BT - Information Security - 18th International Conference, ISC 2015, Proceedings

A2 - Lopez, Javier

A2 - Mitchell, Chris J.

PB - Springer Verlag

T2 - 18th International Conference on Information Security, ISC 2015

Y2 - 9 September 2015 through 11 September 2015

ER -

Sun S, Hu L, Wang M, Yang Q, Qiao K, Ma X et al. Extending the applicability of the mixed-integer programming technique in automatic differential cryptanalysis. In Lopez J, Mitchell CJ, editors, Information Security - 18th International Conference, ISC 2015, Proceedings. Springer Verlag. 2015. p. 141-157. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-23318-5_8

Extending the applicability of the mixed-integer programming technique in automatic differential cryptanalysis

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this