Abstract
Impossible differential (ID), zero-correlation (ZC), and integral attacks are a family of important attacks on block ciphers. For example, the impossible differential attack was the first cryptanalytic attack on 7 rounds of AES. Evaluating the security of block ciphers against these attacks is very important but also challenging: Finding these attacks usually implies a combinatorial optimization problem involving many parameters and constraints that is very hard to solve using manual approaches. Automated solvers, such as Constraint Programming (CP) solvers, can help the cryptanalyst to find suitable attacks. However, previous CP-based methods focus on finding only the ID, ZC, and integral distinguishers, often only in a limited search space. Notably, none can be extended to a unified optimization problem for finding full attacks, including efficient key-recovery steps. In this paper, we present a new CP-based method to search for ID, ZC, and integral distinguishers and extend it to a unified constraint optimization problem for finding full ID, ZC, and integral attacks. To show the effectiveness and usefulness of our method, we applied it to several block ciphers, including SKINNY, CRAFT, SKINNYe-v2, and SKINNYee. For the ISO standard block cipher SKINNY, we significantly improve all existing ID, ZC, and integral attacks. In particular, we improve the integral attacks on SKINNY-n-3n and SKINNY-n-2n by 3 and 2 rounds, respectively, obtaining the best cryptanalytic results on these variants in the single-key setting. We improve the ZC attack on SKINNY-n-n (SKINNY-n-2n) by 2 (resp. 1) rounds. We also improve the ID attacks on all variants of SKINNY. Particularly, we improve the time complexity of the best previous single-tweakey (related-tweakey) ID attack on SKINNY-128-256 (resp. SKINNY-128-384) by a factor of 2 22.57 (resp. 2 15.39 ). On CRAFT, we propose a 21-round (20-round) ID (resp. ZC) attack, which improves the best previous single-tweakey attack by 2 (resp. 1) rounds. Using our new model, we also provide several practical integral distinguishers for reduced-round SKINNY, CRAFT, and Deoxys-BC. Our method is generic and applicable to other strongly aligned block ciphers.
| Original language | English |
|---|---|
| Title of host publication | Advances in Cryptology – EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2023, Proceedings |
| Editors | Carmit Hazay, Martijn Stam |
| Publisher | Springer |
| Chapter | 157 |
| Pages | 128-157 |
| Number of pages | 30 |
| ISBN (Electronic) | 978-3-031-30634-1 |
| ISBN (Print) | 978-3-031-30633-4 |
| DOIs | |
| Publication status | Published - 4 Sept 2023 |
| Event | 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques: EUROCRYPT 2023 - Lyon, France Duration: 23 Apr 2023 → 27 Apr 2023 Conference number: 42 https://eurocrypt.iacr.org/2023/ |
Publication series
| Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
|---|---|
| Volume | 2023 |
Conference
| Conference | 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques |
|---|---|
| Abbreviated title | EUROCRYPT 2023 |
| Country/Territory | France |
| City | Lyon |
| Period | 23/04/23 → 27/04/23 |
| Internet address |
Keywords
- Cryptanalysis
- Impossible differential attacks
- Zero-correlation attacks
- Integral attacks
- Combinatorial optimization
- Constraint programming
- SKINNY block cipher
- CRAFT block cipher
- Deoxys block cipher
- SKINNY
- Deoxys-BC
- CRAFT
- SKINNYe
- SKINNYee
ASJC Scopus subject areas
- Theoretical Computer Science
- Computer Science(all)
Fields of Expertise
- Information, Communication & Computing