Paper 2021/1641

Differential Cryptanalysis of WARP

Je Sen Teh, Universiti Sains Malaysia
Alex Biryukov, University of Luxembourg

WARP is an energy-efficient lightweight block cipher that is currently the smallest 128-bit block cipher in terms of hardware. It was proposed by Banik et al. in SAC 2020 as a lightweight replacement for AES-128 without changing the mode of operation. This paper proposes key-recovery attacks on WARP based on differential cryptanalysis in single and related-key settings. We searched for differential trails for up to 20 rounds of WARP, with the first 19 having optimal differential probabilities. We also found that the cipher has a strong differential effect, whereby 16 to 20-round differentials have substantially higher probabilities than their corresponding individual trails. A 23-round key-recovery attack was then realized using an 18-round differential distinguisher. Next, we formulated an automatic boomerang search using SMT that relies on the Feistel Boomerang Connectivity Table to identify valid switches. We designed the search as an add-on to the CryptoSMT tool, making it applicable to other Feistel-like ciphers such as TWINE and LBlock-s. For WARP, we found a 21-round boomerang distinguisher which was used in a 24-round rectangle attack. In the related-key setting, we describe a family of 2-round iterative differential trails, which we used in a practical related-key attack on the full 41-round WARP.

Note: Updated acknowledgment to include DOI for published paper.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Journal of Information Security and Applications
Differential cryptanalysis Rectangle attack Related-key WARP GFN
Contact author(s)
jesen_teh @ usm my
alex biryukov @ uni lu
2022-09-10: last of 5 revisions
2021-12-17: received
See all versions
Short URL
Creative Commons Attribution


      author = {Je Sen Teh and Alex Biryukov},
      title = {Differential Cryptanalysis of {WARP}},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1641},
      year = {2021},
      doi = {10.1016/j.jisa.2022.103316},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.