Abstract
Division property proposed by Todo at EUROCRYPT 2015 is a generalized integral property. Then, conventional bit-based division property (CBDP) and bitbased division property using three subsets (BDPT) were proposed by Todo and Morii at FSE 2016. At ASIACRYPT 2016, Xiang et al. extended Mixed Integer Linear Programming (MILP) method to search integral distinguishers based on CBDP. And at ASIACRYPT 2019, Wang et al. proposed an MILP-aided method of searching integral distinguishers based on BDPT. Although BDPT is powerful in searching integral distinguishers, the accuracy is not perfect.For block cipher SPECK32, as the block size is only 32 bits, we can experimentally observe the behaviors of all the plaintexts under a fixed key. By testing 210 random secret keys, we experimentally find a better integral distinguisher of 6-round SPECK32 with 30 active bits. But this experimental integral distinguisher cannot be proved by existing methods. So there still exists a gap between the proved distinguisher and the experimental one.To fill the gap, we explore secret keys in searching integral distinguishers based on BDPT. We put forward a situation where “Xor with The Secret Key” operation can be bypassed. Based on the new BDPT propagation rule, an improved automatic algorithm of searching integral distinguishers is proposed. For SPECK32, our improved algorithm can find the 6-round integral distinguisher with 230 chosen plaintexts. The gap between the proved distinguisher and the experimental one is filled. Moreover, we apply this improved method to search the integral distinguishers of SPECK, KATAN/KTANTAN, SIMON, SIMECK, SIMON(102), PRESENT and RECTANGLE block ciphers. The integral distinguishers found by our improved method are better than or consistent with the previous longest distinguishers.
Highlights
Integral attack proposed by Knudsen and Wagner at FSE 2002 [KW02] is one of the most powerful tools used for block ciphers
At ASIACRYPT 2016, Xiang et al [XZBL16] proposed the concept of conventional bit-based division property (CBDP) trail and applied Mixed Integer Linear Programming (MILP) method to search integral distinguishers based on CBDP, which allowed them to analyze block ciphers with large sizes
At ASIACRYPT 2016, Xiang et al [XZBL16] applied MILP method to search integral distinguishers based on CBDP, which allowed them to analyze block ciphers with large sizes
Summary
Integral attack proposed by Knudsen and Wagner at FSE 2002 [KW02] is one of the most powerful tools used for block ciphers. At ASIACRYPT 2016, Xiang et al [XZBL16] proposed the concept of CBDP trail and applied MILP method to search integral distinguishers based on CBDP, which allowed them to analyze block ciphers with large sizes. The key recovery attack may be just a distinguish attack To solve this problem, at ASIACRYPT 2019, Wang et al [WHG+19] proposed the cube attack based on BDPT and proved that BDPT without unknown subset can recover the accurate superpoly of cube attack. At EUROCRYPT 2020, Hao et al [HLM+20] proposed a new modeling method for the BDPT without unknown subset Their algorithm is more efficient, and it can improve existing key-recovery attacks on many ciphers. BDPT is powerful in searching integral distinguishers and cube attacks, the accuracy is not perfect. How to improve the x∈X accuracy of BDPT is an important issue worth studying
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
