Paper 2022/1444

Finding Three-Subset Division Property for Ciphers with Complex Linear Layers (Full Version)

Debasmita Chakraborty, Indian Statistical Institute, Kolkata
Abstract

Conventional bit-based division property (CBDP) and bit-based division property using three subsets (BDPT), introduced by Todo et al. at FSE 2016, are the most effective techniques for finding integral characteristics of symmetric ciphers. At ASIACRYPT 2019, Wang et al. proposed the idea of modeling the propagation of BDPT, and recently Liu et al. described a model set method that characterized the BDPT propagation. However, the linear layers of the block ciphers analyzed using these two methods of BDPT propagation are restricted to simple bit permutations. Thus the feasibility of the MILP method of BDPT propagation for analyzing ciphers with complex linear layers is not settled. In this paper, we focus on constructing an automatic search algorithm that can accurately characterize BDPT propagation for ciphers with complex linear layers. We first introduce a BDPT propagation rule for the binary diffusion layer and model that propagation in MILP efficiently. The solutions to these inequalities are exact BDPT trails of the binary diffusion layer. Next, we propose a new algorithm that models the Key-Xor operation in BDPT based on the MILP technique. Based on these ideas, we construct an automatic search algorithm that accurately characterizes the BDPT propagation, and we prove the correctness of our search algorithm. We demonstrate our model for block ciphers with non-binary diffusion layers by decomposing the non-binary linear layer trivially by the COPY and XOR operations. Therefore, we apply our method to search integral distinguishers based on BDPT of the SIMON, SIMON(102), PRINCE, MANTIS, PRIDE, and KLEIN block ciphers. For PRINCE and MANTIS, we find (2 + 2) and (3 + 3) round integral distinguishers respectively, which are the longest to date. We also improve the previous best integral distinguishers of PRIDE and KLEIN. For SIMON and SIMON(102), the integral distinguishers found by our method are consistent with the existing longest distinguishers.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published elsewhere. INDOCRYPT 2022
Keywords
BDPT Complex Linear Layer Binary Matrix MILP
Contact author(s)
debasmitachakraborty1 @ gmail com
History
2022-10-25: approved
2022-10-23: received
Short URL
https://ia.cr/2022/1444
License
No rights reserved
CC0

BibTeX

@misc{cryptoeprint:2022/1444,
      author = {Debasmita Chakraborty},
      title = {Finding Three-Subset Division Property for Ciphers with Complex Linear Layers (Full Version)},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1444},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/1444}},
      url = {https://eprint.iacr.org/2022/1444}
}