Paper 2022/729

Integral Cryptanalysis of WARP based on Monomial Prediction

Hosein Hadipour, Graz University of Technology, Graz, Austria
Maria Eichlseder, Graz University of Technology, Graz, Austria
Abstract

WARP is a 128-bit block cipher published by Banik et al. at SAC 2020 as a lightweight alternative to AES. It is based on a generalized Feistel network and achieves the smallest area footprint among 128-bit block ciphers in many settings. Previous analysis results include integral key-recovery attacks on 21 out of 41 rounds. In this paper, we propose integral key-recovery attacks on up to 32 rounds by improving both the integral distinguisher and the key-recovery approach substantially. For the distinguisher, we show how to model the monomial prediction technique proposed by Hu et al. at ASIACRYPT 2020 as a SAT problem and thus create a bit-oriented model of WARP taking the key schedule into account. Together with two additional observations on the properties of WARP's construction, we extend the best previous distinguisher by 2 rounds (as a classical integral distinguisher) or 4 rounds (for a generalized integral distinguisher). For the key recovery, we create a graph-based model of the round function and demonstrate how to manipulate the graph to obtain a cipher representation amenable to FFT-based key recovery.
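As an added illustration of what an FFT-based key-recovery step computes (example code written for this page, not the authors' code, and not an implementation of WARP): the toy below assumes an 8-bit last round made of two parallel 4-bit S-boxes followed by a subkey XOR, assumes the Midori Sb0 table as that S-box, and constructs the "integral sets" directly as multisets of intermediate states whose target bit XOR-sums to zero, which is what a distinguisher would deliver. The point is the transform: for every subkey guess at once, the XOR-sum of the target bit after partial decryption is an XOR-convolution of the ciphertext-count table with the target bit's truth table, and a Walsh-Hadamard transform evaluates it in O(n 2^n) instead of O(2^n |data|), the FFT key-recovery idea of Todo and Aoki. The secret subkey and the data are constructed, and the FFT result is cross-checked against direct evaluation.

```python
# Added example (not the authors' code, not WARP): a Walsh-Hadamard transform
# evaluates the XOR-sum of an integral key-recovery step for every last-round
# subkey guess at once (the FFT trick of Todo and Aoki).  The 8-bit toy last
# round, its S-box (assumed here to be the Midori Sb0 table), the secret subkey
# and the "integral sets" are all constructed for illustration.
import random

SBOX = [0xC, 0xA, 0xD, 0x3, 0xE, 0xB, 0xF, 0x7,
        0x8, 0x9, 0x1, 0x5, 0x0, 0x2, 0x4, 0x6]
SBOX_INV = [SBOX.index(v) for v in range(16)]
N_BITS = 8                         # width of the subkey being recovered


def last_round(z, k):
    """Toy last round: a 4-bit S-box on each nibble, then XOR of the 8-bit subkey."""
    return ((SBOX[z >> 4] << 4) | SBOX[z & 0xF]) ^ k


def target_bit(y):
    """The bit the distinguisher says is balanced, computed from a partially
    decrypted value y = c ^ k_guess: bit 0 of each nibble after undoing the
    S-box layer, XORed together."""
    return (SBOX_INV[y >> 4] ^ SBOX_INV[y & 0xF]) & 1


def integral_set(rng, size=32):
    """Constructed stand-in for a distinguisher's output: a multiset of 8-bit
    intermediate states z whose target bit, bit0(z_hi) ^ bit0(z_lo), sums to 0."""
    zs = [rng.randrange(256) for _ in range(size - 1)]
    parity = 0
    for z in zs:
        parity ^= ((z >> 4) ^ z) & 1
    last = rng.randrange(256)
    if (((last >> 4) ^ last) & 1) != parity:
        last ^= 1                   # flip bit 0 of the low nibble to fix the parity
    return zs + [last]


def fwht(a):
    """Unnormalised fast Walsh-Hadamard transform over the integers."""
    a = list(a)
    h = 1
    while h < len(a):
        for i in range(0, len(a), 2 * h):
            for j in range(i, i + h):
                u, v = a[j], a[j + h]
                a[j], a[j + h] = u + v, u - v
        h *= 2
    return a


def parity_sums_fft(ciphertexts):
    """XOR-sum over the data of target_bit(c ^ k), for all 2^n guesses k.
    With T[c] = number of occurrences of c and f = target_bit, the sum is the
    XOR-convolution sum_c T[c] * f(c ^ k) (mod 2).  The WHT maps convolution to
    a pointwise product, so the cost is O(n 2^n) instead of O(2^n * |data|)."""
    n = 1 << N_BITS
    counts = [0] * n
    for c in ciphertexts:
        counts[c] += 1
    T = fwht(counts)
    F = fwht([target_bit(y) for y in range(n)])
    conv = fwht([t * f for t, f in zip(T, F)])   # WHT applied twice = n * identity
    return [(x // n) & 1 for x in conv]


def parity_sums_naive(ciphertexts):
    """Reference implementation: evaluate every guess directly, O(2^n * |data|)."""
    return [sum(target_bit(c ^ k) for c in ciphertexts) & 1
            for k in range(1 << N_BITS)]


def recover_key(secret_key, n_sets=12, seed=2022):
    """Keep only the subkey guesses whose sum is 0 on every integral set; the true
    subkey always survives, each wrong one survives a set with probability ~1/2."""
    rng = random.Random(seed)
    survivors = set(range(1 << N_BITS))
    for _ in range(n_sets):
        cts = [last_round(z, secret_key) for z in integral_set(rng)]
        sums = parity_sums_fft(cts)
        assert sums == parity_sums_naive(cts)      # FFT result matches brute force
        survivors = {k for k in survivors if sums[k] == 0}
    return survivors


if __name__ == "__main__":
    print(sorted(hex(k) for k in recover_key(0xA7)))
```

The toy assumes that the last round already has the shape "S-box layer, then subkey XOR", which is the shape the transform needs; for a generalized Feistel round function that shape is not given, and bringing WARP's round function into a form amenable to this kind of step is what the abstract's graph-based model is for. Each additional balanced set halves the wrong candidates on average, so the number of sets, not the width of the guessed subkey, sets how many survivors remain.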

Note: The source code of our tool is available in the following Github repository and can be applied to other designs as well: https://github.com/hadipourh/mpt
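As an added illustration of the monomial-prediction criterion behind the distinguisher search (example code written for this page, not the tool in the repository above, and not a model of WARP): on a toy one-nibble cipher of r rounds of "XOR a 4-bit round key, then apply the S-box", with the Midori Sb0 table assumed as the S-box, the XOR-sum of an output bit over a cube of plaintext bits equals the superpoly, that is, the XOR of all key monomials k^J such that x^I k^J appears in the algebraic normal form. The bit is balanced for every key exactly when no such monomial exists, which is the existence question monomial prediction answers. Here the full ANF over plaintext and key bits is enumerated, which is only feasible at toy size; the abstract's SAT model decides the same question for a full-width cipher with its key schedule. Every prediction is cross-checked against a brute-force cube sum over all keys.

```python
# Added example (not the authors' tool): the monomial-prediction view of an
# integral property on a toy key-alternating S-box chain.  The round structure
# is constructed here; the S-box is assumed to be the Midori Sb0 table.
from itertools import product

SBOX = [0xC, 0xA, 0xD, 0x3, 0xE, 0xB, 0xF, 0x7,
        0x8, 0x9, 0x1, 0x5, 0x0, 0x2, 0x4, 0x6]


def toy_cipher(x, keys):
    """rounds of  y <- S(y ^ k_i)  on one 4-bit nibble (constructed toy)."""
    y = x
    for k in keys:
        y = SBOX[y ^ k]
    return y


def anf(truth_table):
    """Moebius transform: truth table indexed by the n-bit input -> ANF
    coefficients; result[u] == 1 iff the monomial prod_{j in u} v_j is present."""
    a = list(truth_table)
    n = len(a).bit_length() - 1
    for j in range(n):
        bit = 1 << j
        for v in range(len(a)):
            if v & bit:
                a[v] ^= a[v ^ bit]
    return a


def bit_anf(rounds, out_bit):
    """ANF of one output bit as a polynomial in the 4 plaintext bits (variables
    0..3) and the 4*rounds key bits (bit j of k_i is variable 4*(i+1)+j)."""
    tt = []
    for v in range(1 << (4 + 4 * rounds)):
        keys = [(v >> (4 * (i + 1))) & 0xF for i in range(rounds)]
        tt.append((toy_cipher(v & 0xF, keys) >> out_bit) & 1)
    return anf(tt)


def superpoly(rounds, out_bit, cube):
    """Monomial prediction: summing out_bit over a cube (plaintext bits in `cube`
    take all values, the others are 0) gives the XOR of all key monomials k^J
    such that x^cube * k^J appears in the ANF.  Returns that set of key masks J;
    empty means the sum is 0 for every key, i.e. the bit is balanced."""
    coeffs = bit_anf(rounds, out_bit)
    return {u >> 4 for u in range(len(coeffs)) if coeffs[u] and (u & 0xF) == cube}


def predicted_sum(key_monomials, keys):
    """Evaluate a superpoly (set of key masks) at a concrete key tuple."""
    kbits = sum(k << (4 * i) for i, k in enumerate(keys))
    return sum(1 for J in key_monomials if (kbits & J) == J) & 1


def cube_sums(rounds, out_bit, cube):
    """Brute force for cross-checking: the cube sum for every key tuple."""
    sums = {}
    for keys in product(range(16), repeat=rounds):
        s = 0
        for x in range(16):
            if (x & ~cube) == 0:            # x ranges over the cube only
                s ^= (toy_cipher(x, keys) >> out_bit) & 1
        sums[keys] = s
    return sums


def classify(rounds, out_bit, cube):
    """'balanced', 'constant 1' or 'key-dependent', verified against brute force."""
    sp = superpoly(rounds, out_bit, cube)
    bf = cube_sums(rounds, out_bit, cube)
    assert all(predicted_sum(sp, keys) == s for keys, s in bf.items())
    if not sp:
        return "balanced"
    if sp == {0}:
        return "constant 1"
    return "key-dependent"


if __name__ == "__main__":
    for rounds in (1, 2):
        for cube in (0b0111, 0b1011, 0b1101, 0b1110):
            print(rounds, f"x^{cube:04b}",
                  [classify(rounds, b, cube) for b in range(4)])
```

For one round the superpoly of a 3-bit cube is a constant: the degree-3 terms of S(x ^ k) are those of S(x) itself, so the cube sum is 1 when the cube's monomial occurs in that output bit of the S-box and 0 otherwise, independent of the key. A constant-1 sum is just as usable as a zero-sum for filtering key guesses, and a key-dependent superpoly is where a bit-level model that tracks the key bits, rather than treating round keys as opaque, starts to pay off.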

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published by the IACR in TOSC 2022
DOI
10.46586/tosc.v2022.i2.92-112
Keywords
Lightweight cryptography, WARP, GFN, Integral cryptanalysis, Monomial prediction, CP, SAT, FFT key recovery, AES
Contact author(s)
hsn hadipour @ gmail com
maria eichlseder @ iaik tugraz at
History
2024-06-07: last of 2 revisions
2022-06-08: received
Short URL
https://ia.cr/2022/729
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/729,
      author = {Hosein Hadipour and Maria Eichlseder},
      title = {Integral Cryptanalysis of {WARP} based on Monomial Prediction},
      howpublished = {Cryptology ePrint Archive, Paper 2022/729},
      year = {2022},
      doi = {10.46586/tosc.v2022.i2.92-112},
      note = {\url{https://eprint.iacr.org/2022/729}},
      url = {https://eprint.iacr.org/2022/729}
}