Differential analysis of the NBC algorithm based on mixed integer linear programming model

Abstract

AbstractThis paper mainly studies mixed integer linear programming (MILP)‐based cryptanalysis on round‐reduced NBC algorithm with generalized Feistel structure. First, each component of the algorithm is equivalently described by linear inequality equations, and the propagation rules of differential characteristics and linear approximation are described, and an automatic search algorithm model of differential mode and linear mask mode based on MILP is established, and the minimum number of active S‐boxes and the corresponding differential mode and linear mask mode paths are obtained. Second, according to the NBC algorithm's 16‐bit block pull‐wire position permutation characteristics, the optimal full diffusion rounds of NBC‐128 algorithm and NBC‐256 algorithm are obtained by using approximate matrix multiplication theory to be six and eight respectively. Finally, based on the optimal number of full diffusion rounds of the algorithm, an automatic search algorithm model of impossible differential cryptanalysis is established, and the set of input differential patterns is traversed to obtain 11‐round impossible differential distinguishers of NBC‐128 algorithm and 14‐round impossible differential distinguishers of NBC‐256 algorithm respectively.