Paper 2023/1227

Parallel SAT Framework to Find Clustering of Differential Characteristics and Its Applications

Kosei Sakamoto, Mitsubishi Electric Corporation
Ryoma Ito, National Institute of Information and Communications Technology,
Takanori Isobe, University of Hyogo
Abstract

The most crucial but time-consuming task for differential cryptanalysis is to find a differential with a high probability. To tackle this task, we propose a new SAT-based automatic search framework to efficiently figure out a differential with the highest probability under a specified condition. As the previous SAT methods (e.g., the Sun et al’s method proposed at ToSC 2021(1)) focused on accelerating the search for an optimal single differential characteristic, these are not optimized for evaluating a clustering effect to obtain a tighter differential probability of differentials. In contrast, our framework takes advantage of a method to solve incremental SAT problems in parallel using a multi-threading technique, and consequently, it offers the following advantages compared with the previous methods: (1) speedy identification of a differential with the highest probability under the specified conditions; (2) efficient construction of the truncated differential with the highest probability from the obtained multiple differentials; and (3) applicability to a wide class of symmetric-key primitives. To demonstrate the effectiveness of our framework, we apply it to the block cipher PRINCE and the tweakable block cipher QARMA. We successfully figure out the tight differential bounds for all variants of PRINCE and QARMA within the practical time, thereby identifying the longest distinguisher for all the variants, which improves existing ones by one to four more rounds. Besides, we uncover notable differences between PRINCE and QARMA in the behavior of differential, especially for the clustering effect. We believe that our findings shed light on new structural properties of these important primitives. In the context of key recovery attacks, our framework allows us to derive the key-recovery-friendly truncated differentials for all variants of QARMA. Consequently, we report key recovery attacks based on (truncated) differential cryptanalysis on QARMA for the first time and show these key recovery attacks are competitive with existing other attacks.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Major revision. SAC 2023
Keywords
DifferentialSAT-based automatic searchLow-latency primitives.
Contact author(s)
Sakamoto Kosei @ dc mitsubishielectric co jp
itorym @ nict go jp
takanori isobe @ ai u-hyogo ac jp
History
2023-08-15: approved
2023-08-13: received
See all versions
Short URL
https://ia.cr/2023/1227
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2023/1227,
      author = {Kosei Sakamoto and Ryoma Ito and Takanori Isobe},
      title = {Parallel SAT Framework to Find Clustering of Differential Characteristics and Its Applications},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1227},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/1227}},
      url = {https://eprint.iacr.org/2023/1227}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.