Abstract

Piccolo is a lightweight block cipher based on a 16-bit word 4-line generalized Feistel structure. Piccolo adopts a byte-wise round permutation (RP) instead of the typical word-based RP to improve diffusion. In this paper, we explore the optimality of byte-based RPs from the viewpoint of security. We evaluate security against differential, linear, impossible differential, and integral attacks for all byte-wise RPs using mixed integer linear programming (MILP). We show that the RP of Piccolo is optimal in terms of the number of rounds required to guarantee security against such attacks. In addition, we introduce two new classes of RPs that require 7 rounds for security against impossible differential attacks, which is one round less than required by Piccolo. These new classes require 7/9 and 8/8 rounds to guarantee security against differential/linear attacks, respectively, which is more rounds than required by Piccolo.
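To make the diffusion claim concrete, the following added example (not code from the paper) tracks byte-level dependencies through the 4-line generalized Feistel round and counts rounds until every output byte depends on every input byte. It assumes the F-function fully mixes its 16-bit input, takes Piccolo's RP from the published cipher specification, and uses a conventional word-wise cyclic shift as the comparison; it is a structural check only, not the MILP evaluation the paper performs.

```python
# Added illustration: byte-level dependency propagation in a 16-bit-word,
# 4-line generalized Feistel network (GFN) with 8 state bytes b0..b7.
# Words: X0=(b0,b1), X1=(b2,b3), X2=(b4,b5), X3=(b6,b7).

# Piccolo's byte-wise RP per the cipher specification:
# (x0,...,x7) -> (x2,x7,x4,x1,x6,x3,x0,x5); output byte i takes input byte PERM[i].
PICCOLO_RP = (2, 7, 4, 1, 6, 3, 0, 5)
# Assumed baseline for comparison: word-wise left cyclic shift
# (X0,X1,X2,X3) -> (X1,X2,X3,X0), expressed on bytes.
WORD_SHIFT = (2, 3, 4, 5, 6, 7, 0, 1)


def gfn_round(deps, perm):
    """Apply one round to per-byte dependency sets and return the new sets.

    Assumption: F mixes both bytes of its input word into both output bytes.
    Round keys do not affect which plaintext bytes a state byte depends on.
    """
    d = list(deps)
    f_left = d[0] | d[1]    # F(X0) depends on both bytes of X0
    f_right = d[4] | d[5]   # F(X2) depends on both bytes of X2
    d[2], d[3] = d[2] | f_left, d[3] | f_left      # X1 ^= F(X0)
    d[6], d[7] = d[6] | f_right, d[7] | f_right    # X3 ^= F(X2)
    return [d[perm[i]] for i in range(8)]          # round permutation


def rounds_to_full_diffusion(perm, max_rounds=16):
    """Return the first round after which every byte depends on all 8 inputs."""
    full = frozenset(range(8))
    deps = [frozenset({i}) for i in range(8)]
    for r in range(1, max_rounds + 1):
        deps = gfn_round(deps, perm)
        if all(s == full for s in deps):
            return r
    return None  # no full diffusion within max_rounds


if __name__ == "__main__":
    for name, perm in (("Piccolo byte-wise RP", PICCOLO_RP),
                       ("word-wise cyclic shift", WORD_SHIFT)):
        print(f"{name}: full diffusion after "
              f"{rounds_to_full_diffusion(perm)} rounds")
```

Full diffusion is a necessary structural property, not a security bound; the round counts in the abstract come from the MILP-based attack evaluation.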
