Paper 2018/390

MILP-based Differential Attack on Round-reduced GIFT

Baoyu Zhu, Xiaoyang Dong, and Hongbo Yu

Abstract

At Asiacrypt 2014, Sun et al. proposed a MILP model to search for differential characteristics of bit-oriented block ciphers. In this paper, we improve this model to search for differential characteristics of GIFT, a new lightweight block cipher proposed at CHES 2017. GIFT has two versions, namely GIFT-64 and GIFT-128. For GIFT-64, we find the best 12-round differential characteristic and a number of iterative 4-round differential characteristics with our MILP-based model. We give a key-recovery attack on 19-round GIFT-64. For GIFT-128, we find an 18-round differential characteristic and give the first attack on 22-round GIFT-128.

Note: This paper is a corrected version of that in CT-RSA 2019. We would like to thank Siang Meng Sim for pointing out the error in the attack on 23-round GIFT-128 in the original paper at CT-RSA 2019. In the current version, we give the key-recovery attack on 22-round GIFT-128 in Section 5 to replace the original 23-round attack.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Minor revision. CT-RSA 2019
Keywords
GIFT, Differential Cryptanalysis, Lightweight Block Cipher, MILP
Contact author(s)
zhuby16 @ mails tsinghua edu cn
xiaoyangdong @ tsinghua edu cn
History
2019-06-06: last of 4 revisions
2018-05-01: received
Short URL
https://ia.cr/2018/390
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/390,
      author = {Baoyu Zhu and Xiaoyang Dong and Hongbo Yu},
      title = {MILP-based Differential Attack on Round-reduced GIFT},
      howpublished = {Cryptology ePrint Archive, Paper 2018/390},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/390}},
      url = {https://eprint.iacr.org/2018/390}
}