Paper 2022/729

Integral Cryptanalysis of WARP based on Monomial Prediction

Hosein Hadipour, Graz University of Technology, Graz, Austria
Maria Eichlseder, Graz University of Technology, Graz, Austria

WARP is a 128-bit block cipher published by Banik et al. at SAC 2020 as a lightweight alternative to AES. It is based on a generalized Feistel network and achieves the smallest area footprint among 128-bit block ciphers in many settings. Previous analysis results include integral key-recovery attacks on 21 out of 41 rounds. In this paper, we propose integral key-recovery attacks on up to 32 rounds by improving both the integral distinguisher and the key-recovery approach substantially. For the distinguisher, we show how to model the monomial prediction technique proposed by Hu et al. at ASIACRYPT 2020 as a SAT problem and thus create a bit-oriented model of WARP taking the key schedule into account. Together with two additional observations on the properties of WARP's construction, we extend the best previous distinguisher by 2 rounds (as a classical integral distinguisher) or 4 rounds (for a generalized integral distinguisher). For the key recovery, we create a graph-based model of the round function and demonstrate how to manipulate the graph to obtain a cipher representation amenable to FFT-based key recovery.

Note: The source code of our tool is available in the following Github repository and can be applied to other designs as well:

Available format(s)
Attacks and cryptanalysis
Publication info
Published by the IACR in TOSC 2022
Lightweight cryptography WARP GFN Integral cryptanalysis Monomial prediction CP SAT FFT key recovery AES
Contact author(s)
hsn hadipour @ gmail com
maria eichlseder @ iaik tugraz at
2022-06-10: revised
2022-06-08: received
See all versions
Short URL
Creative Commons Attribution


      author = {Hosein Hadipour and Maria Eichlseder},
      title = {Integral Cryptanalysis of WARP based on Monomial Prediction},
      howpublished = {Cryptology ePrint Archive, Paper 2022/729},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.