Abstract
WARP is a 128-bit block cipher published by Banik et al. at SAC 2020 as a lightweight alternative to AES.
It is based on a generalized Feistel network and achieves the smallest area footprint among 128-bit block ciphers in many settings.
Previous analysis results include integral key-recovery attacks on 21 out of 41 rounds.
In this paper, we propose integral key-recovery attacks on up to 32 rounds by improving both the integral distinguisher and the key-recovery approach substantially.
For the distinguisher, we show how to model the monomial prediction technique proposed by Hu et al. at ASIACRYPT 2020 as a SAT problem and thus create a bit-oriented model of WARP taking the key schedule into account.
Together with two additional observations on the properties of WARP's construction, we extend the best previous distinguisher by 2 rounds (as a classical integral distinguisher) or 4 rounds (for a generalized integral distinguisher).
For the key recovery, we create a graph-based model of the round function and demonstrate how to manipulate the graph to obtain a cipher representation amenable to FFT-based key recovery.
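As an added illustration that is not part of the paper, the following Python sketch shows what a classical integral distinguisher and an integral key-recovery step look like on a toy 4-branch Type-II generalized Feistel network with 4-bit branches. The cipher, the bijective S-box and the round keys are constructed for the example and are not WARP's; the branch properties A (active), C (constant) and B (balanced, zero XOR sum) follow the standard integral notation. The key-recovery step guesses the last-round key nibble, partially decrypts one branch and keeps only guesses under which the predicted property reappears.

```python
"""Toy integral distinguisher and key-recovery step on a 4-branch Type-II GFN.

Constructed example (not WARP): 16-bit state as four nibbles, a bijective
4-bit S-box, and a hypothetical round-key list of (k0, k1) nibble pairs.
"""
from functools import reduce
from operator import xor

# Constructed bijective 4-bit S-box; any permutation of 0..15 works here.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

# Hypothetical round keys (k0, k1) for four rounds, chosen for the example.
KEY_SCHEDULE = [(0x3, 0xA), (0x7, 0x1), (0xC, 0x4), (0x9, 0xE)]


def round_function(state, round_key):
    """One Type-II GFN round: two keyed S-boxes, then a branch rotation."""
    a, b, c, d = state
    k0, k1 = round_key
    return (b ^ SBOX[a ^ k0], c, d ^ SBOX[c ^ k1], a)


def encrypt(plaintext, key_schedule):
    state = plaintext
    for rk in key_schedule:
        state = round_function(state, rk)
    return state


def structure(active_branch, constant=(0, 0, 0, 0)):
    """The 16-text integral structure: one branch takes every nibble value."""
    texts = []
    for v in range(16):
        pt = list(constant)
        pt[active_branch] = v
        texts.append(tuple(pt))
    return texts


def property_of(values):
    """Classical integral property of one branch over a 16-text structure."""
    if len(set(values)) == 16:
        return 'A'          # active: every value exactly once
    if len(set(values)) == 1:
        return 'C'          # constant
    return 'B' if reduce(xor, values) == 0 else 'U'   # balanced / unknown


def integral_properties(rounds, key_schedule, active_branch, constant=(0, 0, 0, 0)):
    """Empirical A/C/B/U pattern of each branch after `rounds` rounds."""
    cts = [encrypt(pt, key_schedule[:rounds]) for pt in structure(active_branch, constant)]
    return [property_of([ct[i] for ct in cts]) for i in range(4)]


def recover_last_k0(ciphertexts, use_all_property=True):
    """Integral key recovery for the last round's k0 nibble.

    After r-1 rounds branch 1 is predicted to be 'A'.  In the r-round
    ciphertext that branch equals ct[0] ^ S(ct[3] ^ k0), so each guess g is
    tested by undoing the S-box and checking the predicted property.
    Caveat: because ct[3] is itself active, XOR_ct S(ct[3] ^ g) is zero for
    every g, so a zero-sum test alone cannot filter guesses here; the
    all-values-once ('A') test is needed.
    """
    survivors = []
    for g in range(16):
        branch = [ct[0] ^ SBOX[ct[3] ^ g] for ct in ciphertexts]
        if use_all_property:
            ok = property_of(branch) == 'A'
        else:
            ok = reduce(xor, branch) == 0
        if ok:
            survivors.append(g)
    return survivors


if __name__ == "__main__":
    for r in range(1, 5):
        print(r, "rounds:", integral_properties(r, KEY_SCHEDULE, 0))
    cts = [encrypt(pt, KEY_SCHEDULE) for pt in structure(0)]
    print("k0 guesses surviving the 'A' test:", recover_last_k0(cts))
    print("k0 guesses surviving zero-sum only:", recover_last_k0(cts, False))
```

With the first branch active, the toy cipher shows the pattern A,C,C,A after one round, A,C,A,A after two and A,A,B,A after three, which is the 3-round distinguisher the key-recovery step extends by one round. The true last-round nibble (0x9 in the constructed schedule) always survives the 'A' test; in a real attack several structures with different constants are used to eliminate the rare wrong guesses that pass by chance.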
Original language | English |
---|---|
Pages (from-to) | 92-112 |
Number of pages | 21 |
Journal | IACR Transactions on Symmetric Cryptology |
Volume | 2022 |
Issue number | 2 |
DOIs | |
Publication status | Published - 10 Jun 2022 |
Keywords
- Lightweight cryptography
- Integral cryptanalysis
- Monomial prediction
- FFT key recovery
- SAT
- WARP
- GFN
- CP
ASJC Scopus subject areas
- Information Systems
- Software
- Computational Mathematics
- Applied Mathematics
- Computer Science Applications
Fields of Expertise
- Information, Communication & Computing