Paper 2023/1701
Improved Search for Integral, Impossible-Differential and Zero-Correlation Attacks: Application to Ascon, ForkSKINNY, SKINNY, MANTIS, PRESENT and QARMAv2
Abstract
Integral, impossible-differential (ID), and zero-correlation (ZC) attacks are three of the most important attacks on block ciphers. However, manually finding these attacks can be a daunting task, which is why automated methods are becoming increasingly important. Most automatic tools regarding integral, ZC, and ID attacks have focused only on finding distinguishers rather than complete attacks. At EUROCRYPT 2023, Hadipour et al. proposed a generic and efficient constraint programming (CP) model based on satisfiability for finding ID, ZC, and integral distinguishers. This new model can be extended to a unified CP model for finding full key recovery attacks. However, it has limitations, including determining the contradiction location beforehand and a cell-wise model unsuitable for weakly aligned ciphers like Ascon and PRESENT. They also deferred developing a CP model for the partial-sum technique in key recovery as future work. In this paper, we enhance Hadipour et al.'s method in several ways. First, we remove the limitation of determining the contradiction location in advance. Second, we show how to extend the distinguisher model to a bit-wise model, considering the internal structure of S-boxes and keeping the model based on satisfiability. Third, we introduce a CP model for the partial-sum technique for the first time. To show the usefulness and versatility of our approach, we apply it to various designs, from strongly aligned ones like ForkSKINNY and QARMAv2 to weakly aligned ones such as Ascon and PRESENT, yielding significantly improved results. To mention a few of our results, we improve the integral distinguisher of QARMAv2-128 (resp. QARMAv2-64) by 7 (resp. 5) rounds, and the integral distinguisher of ForkSKINNY by 1 round, thanks only to our cell-wise distinguisher modelings. By using our new bit-wise modeling, our tool can find a group of $2^{155}$ 5-round ID and ZC distinguishers for Ascon in only one run, taking a few minutes on a regular laptop.
The new CP model for the partial-sum technique enhances integral attacks on all SKINNY variants, notably improving the best attack on SKINNY-$n$-$n$ in the single-key setting by 1 round. We also enhance ID attacks on ForkSKINNY and provide the first analysis of this cipher in a limited reduced-round setting. Our methods are generic and applicable to other block ciphers.
Note: The source code of our tool is available at https://github.com/hadipourh/zeroplus
Metadata
- Category
- Attacks and cryptanalysis
- Publication info
- A minor revision of an IACR publication in TOSC 2024
- DOI
- 10.46586/tosc.v2024.i1.234-325
- Keywords
- Integral attacks, Partial-sum technique, ID, ZC, Ascon, SKINNY, SKINNYe, ForkSKINNY, QARMAv2, MANTIS, PRESENT
- Contact author(s)
- hossein hadipour @ iaik tugraz at; s gerhalter @ student tugraz at; s sadeghi khu @ gmail com; maria eichlseder @ tugraz at
- History
- 2024-06-13: last of 7 revisions
- 2023-11-02: received
- Short URL
- https://ia.cr/2023/1701
- License
- CC BY
BibTeX
@misc{cryptoeprint:2023/1701,
  author = {Hosein Hadipour and Simon Gerhalter and Sadegh Sadeghi and Maria Eichlseder},
  title = {Improved Search for Integral, Impossible-Differential and Zero-Correlation Attacks: Application to Ascon, {ForkSKINNY}, {SKINNY}, {MANTIS}, {PRESENT} and {QARMAv2}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2023/1701},
  year = {2023},
  doi = {10.46586/tosc.v2024.i1.234-325},
  url = {https://eprint.iacr.org/2023/1701}
}