Paper 2021/1641

Differential Cryptanalysis of WARP

Je Sen Teh and Alex Biryukov

Abstract

WARP is an energy-efficient lightweight block cipher that is currently the smallest 128-bit block cipher in terms of hardware. It was proposed by Banik et al. in SAC 2020 as a lightweight replacement for AES-128 without changing the mode of operation. This paper proposes key-recovery attacks on WARP based on differential cryptanalysis in single and related-key settings. We searched for differential trails for up to 20 rounds of WARP, with the first 19 having optimal differential probabilities. We also found that the cipher has a strong differential effect, whereby 16 to 20-round differentials have substantially higher probabilities than their corresponding individual trails. A 23-round key-recovery attack was then realized using an 18-round differential distinguisher. Next, we formulated an automatic boomerang search using SMT that relies on the Feistel Boomerang Connectivity Table to identify valid switches. We designed the search as an add-on to the CryptoSMT tool, making it applicable to other Feistel-like ciphers such as TWINE and LBlock-s. For WARP, we found a 21-round boomerang distinguisher which was used in a 24-round rectangle attack. In the related-key setting, we describe a family of 2-round iterative differential trails, which we used in a practical related-key attack on the full 41-round WARP.

Note: Updated format

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Differential cryptanalysisRectangle attackRelated-keyWARPGFN
Contact author(s)
jesen_teh @ usm my
alex biryukov @ uni lu
History
2022-02-22: last of 3 revisions
2021-12-17: received
See all versions
Short URL
https://ia.cr/2021/1641
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/1641,
      author = {Je Sen Teh and Alex Biryukov},
      title = {Differential Cryptanalysis of WARP},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1641},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/1641}},
      url = {https://eprint.iacr.org/2021/1641}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.