Integral Cryptanalysis of WARP based on Monomial Prediction

Research output: Contribution to journalConference articlepeer-review

Abstract

WARP is a 128-bit block cipher published by Banik et al. at SAC 2020 as a lightweight alternative to AES.
It is based on a generalized Feistel network and achieves the smallest area footprint among 128-bit block ciphers in many settings.
Previous analysis results include integral key-recovery attacks on 21 out of 41 rounds.

In this paper, we propose integral key-recovery attacks on up to 32 rounds by improving both the integral distinguisher and the key-recovery approach substantially.
For the distinguisher, we show how to model the monomial prediction technique proposed by Hu et al. at ASIACRYPT 2020 as a SAT problem and thus create a bit-oriented model of WARP taking the key schedule into account.
Together with two additional observations on the properties of WARP's construction, we extend the best previous distinguisher by 2 rounds (as a classical integral distinguisher) or 4 rounds (for a generalized integral distinguisher).
For the key recovery, we create a graph-based model of the round function and demonstrate how to manipulate the graph to obtain a cipher representation amenable to FFT-based key recovery.
Original languageEnglish
Pages (from-to)92-112
Number of pages21
JournalIACR Transactions on Symmetric Cryptology
Volume2022
Issue number2
DOIs
Publication statusPublished - 10 Jun 2022

Keywords

  • Lightweight cryptography
  • Integral cryptanalysis
  • Monomial prediction
  • FFT key recovery
  • SAT
  • WARP
  • GFN
  • CP

ASJC Scopus subject areas

  • Information Systems
  • Software
  • Computational Mathematics
  • Applied Mathematics
  • Computer Science Applications

Fields of Expertise

  • Information, Communication & Computing

Fingerprint

Dive into the research topics of 'Integral Cryptanalysis of WARP based on Monomial Prediction'. Together they form a unique fingerprint.

Cite this