Efficient MILP Modelings for Sboxes and Linear Layers of SPN ciphers

Christina Boura, Daniel Coggia
2020 IACR Transactions on Symmetric Cryptology  
the details of both the Sbox and the linear layer are taken into account.  ...  In this work, we first propose many new algorithms for efficiently modeling any subset of Fn2 with MILP inequalities.  ...  F Analyzed linear layers We provide here a brief description of the linear layers of the ciphers Anubis, Aria and Saturnin whose modeling for MILP we analyzed in Section 3. • Anubis is a 128-bit block  ... 
doi:10.46586/tosc.v2020.i3.327-361 fatcat:u3s77kgakzbx7mhzggv5t7yzb4

MILP-Based Automatic Differential Searches for LEA and HIGHT [article]

Elnaz Bagherzadeh, Zahra Ahmadian
2018 IACR Cryptology ePrint Archive  
Benefiting from this new developed model for HIGHT block cipher, we can achieve a reduction of 112r out of 480r in the total number of linear constraints for MILP model of r-round of HIGHT.  ...  In this paper we use MILP technique for automatic search for differential characteristics of ARX ciphers LEA and HIGHT.  ...  In [21], the differential properties of the Sbox layer has been taken into account in the MILP model and more precise results for differential characteristics derived, consequently.  ... 
dblp:journals/iacr/BagherzadehA18 fatcat:wixecmw45jhola7pen2ph2pv3a

On the Relationships between Different Methods for Degree Evaluation

Siwei Chen, Zejun Xiang, Xiangyong Zeng, Shasha Zhang
2021 IACR Transactions on Symmetric Cryptology  
Specifically, for the substitution-permutation-network (SPN) ciphers, we first deeply explore the relationships between division property of an Sbox and its algebraic properties (e.g., the algebraic degree  ...  In addition, for the nonlinear feedback shift registers (NFSR) based ciphers, according to the propagation of division property and the core idea of numeric mapping, we give a strict proof that the estimated  ...  Acknowledgments We would like to thank the anonymous reviewers for their helpful comments and suggestions.  ... 
doi:10.46586/tosc.v2021.i1.411-442 fatcat:edh3pszcybg3tnw4h4ojchq4uq

The SKINNY Family of Block Ciphers and Its Low-Latency Variant MANTIS [chapter]

Christof Beierle, Jérémy Jean, Stefan Kölbl, Gregor Leander, Amir Moradi, Thomas Peyrin, Yu Sasaki, Pascal Sasdrich, Siang Meng Sim
2016 Lecture Notes in Computer Science  
Secondly, we present MANTIS, a dedicated variant of SKINNY for low-latency implementations, that constitutes a very efficient solution to the problem of designing a tweakable block cipher for memory encryption  ...  Regarding performances, it outperforms all known ciphers for ASIC round-based implementations, while still reaching an extremely small area for serial implementations and a very good efficiency for software  ...  The authors would like to thank the anonymous referees for their helpful comments.  ... 
doi:10.1007/978-3-662-53008-5_5 fatcat:ksxdbtvcczhffd43ovxtxhw6iy

On the Relationships between Different Methods for Degree Evaluation (Full Version) [article]

Siwei Chen, Zejun Xiang, Xiangyong Zeng, Shasha Zhang
2021 IACR Cryptology ePrint Archive  
Specifically, for the substitution-permutation-network (SPN) ciphers, we first deeply explore the relationships between division property of an Sbox and its algebraic properties (e.g., the algebraic degree  ...  In addition, for the nonlinear feedback shift registers (NFSR) based ciphers, according to the propagation of division property and the core idea of numeric mapping, we give a strict proof that the estimated  ...  Acknowledgments We would like to thank the anonymous reviewers for their helpful comments and suggestions.  ... 
dblp:journals/iacr/ChenXZZ21 fatcat:wvb3ofh45vaglafengtgocpb3u

Increasing Precision of Division Property

Patrick Derbez, Pierre-Alain Fouque
2020 IACR Transactions on Symmetric Cryptology  
(Design, Codes and Cryptography, 2020) to extend a cipher with linear mappings and show how to decrease the number of transitions to look for.  ...  We describe for the first time a practical algorithm for computing the propagation tables of 16-bit Super-Sboxes, increasing the precision of the division property by removing a lot of false division trails  ...  We decomposed the cipher by alternating Super-Sboxes and linear layer.  ... 
doi:10.46586/tosc.v2020.i4.173-194 fatcat:ai44hxi7yncf5e7yed2vgn4amu

Finding Bit-Based Division Property for Ciphers with Complex Linear Layer [article]

Kai Hu, Qingju Wang, Meiqin Wang
2020 IACR Cryptology ePrint Archive  
Constructing models of complex linear layers accurately and efficiently remains hard. A straightforward method proposed by Sun et al.  ...  Constraint-aided automatic tools for the BDP have been applied to many ciphers with simple linear layers like bit-permutation.  ...  Acknowledgement We thank the anonymous reviewers for their valuable comments.  ... 
dblp:journals/iacr/HuWW20 fatcat:mcpjpvcjfjbjbih4k6zyrqenoe

New Insights On Differential And Linear Bounds Using Mixed Integer Linear Programming (Full Version) [article]

Anubhab Baksi
2020 IACR Cryptology ePrint Archive  
Mixed Integer Linear Programming (MILP) is a very common method of modelling differential and linear bounds for ciphers, as it automates the process of finding the best differential trail or linear approximation  ...  Our modelling makes use of every points of interest individually. This modelling works for an arbitrary SBox, and is able to find the exact bound.  ...  Since the differential and linear cryptanalytic methods are essential for any cipher design, MILP aided techniques are frequently used in cipher design and further cryptanalysis, such as design of GIFT  ... 
dblp:journals/iacr/Baksi20 fatcat:atwzfkghp5aohndozwvexc2zfy

Finding Bit-Based Division Property for Ciphers with Complex Linear Layers

Kai Hu, Qingju Wang, Meiqin Wang
2020 IACR Transactions on Symmetric Cryptology  
Constructing models of complex linear layers accurately and efficiently remains hard. A straightforward method proposed by Sun et al.  ...  Constraint-aided automatic tools for the BDP have been applied to many ciphers with simple linear layers like bit-permutation.  ...  Acknowledgments We thank the anonymous reviewers for their valuable comments. We especially thank Anne Canteaut for helping prepare the final version.  ... 
doi:10.13154/tosc.v2020.i1.396-424 dblp:journals/tosc/HuWW20 fatcat:5jack4rq5rfixk4xapkvlvlm2u

Catching the Fastest Boomerangs

Stéphanie Delaune, Patrick Derbez, Mathieu Vavrille
2020 IACR Transactions on Symmetric Cryptology  
One limitation of the MILP model of Liu et al. is that it handles only one round for the middle part while Song et al. have shown that dependencies could affect much more rounds, for instance up to 6 rounds  ...  Thus we describe a new approach to turn an MILP model to search for truncated characteristics into an MILP model to search for truncated boomerang characteristics automatically handling the middle rounds  ...  Let E be a classical SPN cipher of R round with an n-cell internal state and such that the round function is composed of a SubCell operation, a key addition and a linear layer which multiplies the internal  ... 
doi:10.46586/tosc.v2020.i4.104-129 fatcat:ddnwtx6h2fbutlxj4tzwcmzi4y

Integral Distinguishers of the Full-Round Lightweight Block Cipher SAT_Jo

Xueying Qiu, Yongzhuang Wei, Samir Hodzic, Enes Pasalic, Chien Ming Chen
2021 Security and Communication Networks  
of making the cipher highly resource-efficient.  ...  The main difference compared to PRESENT, which turns out to induce severe weaknesses of SAT_Jo algorithm, is its different choice of substitution boxes (S-boxes) and the bit-permutation layer for the reasons  ...  When performing integral analysis on a given block cipher based on the division property and using the MILP model (whose round functions consist of a composition of the S-box and linear layer), the search  ... 
doi:10.1155/2021/5310545 fatcat:shkiztfqqjh37lukklkwbergja

Towards Tight Differential Bounds of Ascon

Rusydi H. Makarim, Raghvendra Rohit
2022 IACR Transactions on Symmetric Cryptology  
Finally, we provide the implementations of our SMT and MILP models, and actual trails to verify the correctness of results.  ...  differential and linear active Sboxes for 4 and 6 rounds.  ...  Acknowledgments We would like to thank the reviewers of ToSC 2022 and Florian Mendel for providing us with insightful comments to improve the quality of the paper.  ... 
doi:10.46586/tosc.v2022.i3.303-340 fatcat:zk3gn4jpovamzae4lvpcg7bq2y

Linearly equivalent S-boxes and the division property

Baptiste Lambin, Patrick Derbez, Pierre-Alain Fouque
2020 Designs, Codes and Cryptography  
We show that the representation of the block cipher heavily influences the propagation of the division property, and exploiting this, we give an algorithm to efficiently search for such linear mappings  ...  Computer-aided techniques such as MILP have been widely and successfully used to study various cryptanalysis techniques, and it especially led to many new results for the division property.  ...  Hence they built MILP models for several block ciphers which they efficiently solved using a third-party MILP solver.  ... 
doi:10.1007/s10623-020-00773-4 fatcat:eyvqnkgctjf3rnfvcqhyry2n74

Towards Key-recovery-attack Friendly Distinguishers: Application to GIFT-128

Rui Zong, Xiaoyang Dong, Huaifeng Chen, Yiyuan Luo, Si Wang, Zheng Li
2021 IACR Transactions on Symmetric Cryptology  
When analyzing a block cipher, the first step is to search for some valid distinguishers, for example, the differential trails in the differential cryptanalysis and the linear trails in the linear cryptanalysis  ...  A distinguisher is advantageous if it can be utilized to attack more rounds and the amount of the involved key bits during the key-recovery process is small, as this leads to a long attack with a low complexity  ...  Acknowledgments The authors would like to thank the anonymous referees for their helpful comments.  ... 
doi:10.46586/tosc.v2021.i1.156-184 fatcat:elladx7nuvhkfghfcyzmrl7ie4

Improving the MILP-based Security Evaluation Algorithm against Differential/Linear Cryptanalysis Using A Divide-and-Conquer Approach

Chunning Zhou, Wentao Zhang, Tianyou Ding, Zejun Xiang
2020 IACR Transactions on Symmetric Cryptology  
Each of the two problems for an r-round cipher can be converted to an MILP model whose feasible region is the set of all possible r-round differential/linear characteristics.  ...  For differential and linear cryptanalysis, MILP can be used to solve two kinds of problems: calculation of the minimum number of differentially/linearly active S-boxes, and search for the best differential  ...  Acknowledgments The authors would like to thank the anonymous reviewers for their helpful comments. This work was supported by the National Natural Science Foundation of China (No.61379138).  ... 
doi:10.13154/tosc.v2019.i4.438-469 dblp:journals/tosc/ZhouZDX19 fatcat:wiopzdwnqveuxg7qnh27jk6xtq