Abstract

The bit-based division property was first proposed by Todo et al. at FSE 2016 to find integral distinguishers for SIMON32. Xiang et al. improved this work with the aid of the Mixed Integer Linear Programming (MILP) method and applied it to block ciphers with wider block sizes. Later, Sun et al. applied the division property to ARX block ciphers. Todo et al. also proposed, at FSE 2016, a more precise division property using the three-subsets method to describe integral propagation, but it cannot be applied to wide-state ARX block ciphers. In this paper, we extend the bit-based division property using three subsets and propose an automatic method for finding integral distinguishers for ARX block ciphers with SAT/SMT solvers. First, we study the bit-based division property using three subsets through three basic operations (Copy, AND, XOR). Then, we model the division property using three subsets through the addition modulo function. Finally, by constructing and solving a propagation system for the division property using three subsets, we find integral distinguishers for round-reduced ARX block ciphers. As a result, we propose 15-round integral distinguishers for SIMON32 automatically and verify the security margins Todo et al. proposed for SIMON48, 64, 96 and 128. We also find one more 6-round integral distinguisher for SPECK32, which cannot be found with the conventional division property without three subsets. Interestingly, no further integral distinguishers are found for SPECK48, 64, 96 and 128. Moreover, we apply the method to SIMECK, HIGHT, LEA, TEA, XTEA and others. Unfortunately, we find no results beyond those the conventional division property already gives.
