Paper 2024/1359

Finding Complete Impossible Differential Attacks on AndRX Ciphers and Efficient Distinguishers for ARX Designs

Debasmita Chakraborty, Indian Statistical Institute, Kolkata, India
Hosein Hadipour, Graz University of Technology, Graz, Austria
Phuong Hoa Nguyen, Univ Rennes, INRIA, CNRS, IRISA, Rennes, France
Maria Eichlseder, Graz University of Technology, Graz, Austria
Abstract

The impossible differential (ID) attack is one of the most important cryptanalytic techniques for block ciphers. There are two phases to finding an ID attack: searching for the distinguisher and building a key recovery upon it. Previous works only focused on automated distinguisher discovery, leaving key recovery as a manual post-processing task, which may lead to a suboptimal final complexity. At EUROCRYPT~2023, Hadipour et al. introduced a unified constraint programming (CP) approach based on satisfiability for finding optimal complete ID attacks in strongly aligned ciphers. While this approach was extended to weakly-aligned designs like PRESENT at ToSC~2024, its application to ARX and AndRX ciphers remained as future work. Moreover, this method only exploited ID distinguishers with direct contradictions at the junction of two deterministic transitions. In contrast, some ID distinguishers, particularly for ARX and AndRX designs, may not be detectable by checking only the existence of direct contradictions. This paper fills these gaps by extending Hadipour et al.'s method to handle indirect contradictions and adapting it for ARX and AndRX designs. We also present a similar method for identifying zero-correlation (ZC) distinguishers. Moreover, we extend our new model for finding ID distinguishers to a unified optimization problem that includes both the distinguisher and the key recovery for AndRX designs. Our method improves ID attacks and introduces new distinguishers for several ciphers, such as SIMON, SPECK, Simeck, ChaCha, Chaskey, LEA, and SipHash. For example, we achieve a one-round improvement in the ID attacks against SIMON-64-96, SIMON-64-128, SIMON-128-128, SIMON-128-256 and a two-round improvement in the ID attacks against SIMON-128-192. These results significantly contribute to our understanding of the effectiveness of automated tools in the cryptanalysis of different design paradigms.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published by the IACR in TOSC 2024
DOI
https://doi.org/10.46586/tosc.v2024.i3.84-176
Keywords
CryptanalysisImpossible differentialsKey recoveryARXAndRXSIMONSimeckSPECKChaChaChaskeyLEASipHash
Contact author(s)
debasmitachakraborty1 @ gmail com
hsn hadipour @ gmail com
phuong-hoa nguyen @ irisa fr
maria eichlseder @ iaik tugraz at
History
2024-09-20: revised
2024-08-29: received
See all versions
Short URL
https://ia.cr/2024/1359
License
No rights reserved
CC0

BibTeX

@misc{cryptoeprint:2024/1359,
      author = {Debasmita Chakraborty and Hosein Hadipour and Phuong Hoa Nguyen and Maria Eichlseder},
      title = {Finding Complete Impossible Differential Attacks on {AndRX} Ciphers and Efficient Distinguishers for {ARX} Designs},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1359},
      year = {2024},
      doi = {https://doi.org/10.46586/tosc.v2024.i3.84-176},
      url = {https://eprint.iacr.org/2024/1359}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.