Paper 2021/1641
Differential Cryptanalysis of WARP
Abstract
WARP is an energy-efficient lightweight block cipher that is currently the smallest 128-bit block cipher in terms of hardware. It was proposed by Banik et al. in SAC 2020 as a lightweight replacement for AES-128 without changing the mode of operation. This paper proposes key-recovery attacks on WARP based on differential cryptanalysis in single and related-key settings. We searched for differential trails for up to 20 rounds of WARP, with the first 19 having optimal differential probabilities. We also found that the cipher has a strong differential effect, whereby 16 to 20-round differentials have substantially higher probabilities than their corresponding individual trails. A 23-round key-recovery attack was then realized using an 18-round differential distinguisher. Next, we formulated an automatic boomerang search using SMT that relies on the Feistel Boomerang Connectivity Table to identify valid switches. We designed the search as an add-on to the CryptoSMT tool, making it applicable to other Feistel-like ciphers such as TWINE and LBlock-s. For WARP, we found a 21-round boomerang distinguisher which was used in a 24-round rectangle attack. In the related-key setting, we describe a family of 2-round iterative differential trails, which we used in a practical related-key attack on the full 41-round WARP.
Note: Updated acknowledgment to include DOI for published paper.
Metadata
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. Journal of Information Security and Applications
- DOI
- 10.1016/j.jisa.2022.103316
- Keywords
- Differential cryptanalysis, Rectangle attack, Related-key, WARP, GFN
- Contact author(s)
- jesen_teh @ usm my
- alex biryukov @ uni lu
- History
- 2022-09-10: last of 5 revisions
- 2021-12-17: received
- Short URL
- https://ia.cr/2021/1641
- License
- CC BY
BibTeX
@misc{cryptoeprint:2021/1641,
  author = {Je Sen Teh and Alex Biryukov},
  title = {Differential Cryptanalysis of {WARP}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2021/1641},
  year = {2021},
  doi = {10.1016/j.jisa.2022.103316},
  url = {https://eprint.iacr.org/2021/1641}
}