Abstract
In this paper, a new method for constructing a Mixed Integer Linear Programming (MILP) model on conditional differential cryptanalysis of the nonlinear feedback shift register- (NLFSR-) based block ciphers is proposed, and an approach to detecting the bit with a strongly biased difference is provided. The model is successfully applied to the block cipher KATAN32 in the single-key scenario, resulting in practical key-recovery attacks covering more rounds than the previous. In particular, we present two distinguishers for 79 and 81 out of 254 rounds of KATAN32. Based on the 81-round distinguisher, we recover 11 equivalent key bits of 98-round KATAN32 and 13 equivalent key bits of 99-round KATAN32. The time complexity is less than 2 31 encryptions of 98-round KATAN32 and less than 2 33 encryptions of 99-round KATAN32, respectively. Thus far, our results are the best known practical key-recovery attacks for the round-reduced variants of KATAN32 regarding the number of rounds and the time complexity. All the results are verified experimentally.
Highlights
Cryptographic techniques move into applications like access control, parking management, goods tracking, radio frequency identification tags, and integrated circuit (IC) printing [1]
We propose a method of automatic conditional differential cryptanalysis using Mixed Integer Linear Programming (MILP)
We propose a novel method using MILP to search for an initial difference, deriving as few conditions as possible and the differential characteristic that covers as many rounds as possible
Summary
Cryptographic techniques move into applications like access control, parking management, goods tracking, radio frequency identification tags, and integrated circuit (IC) printing [1]. At ASIACRYPT 2010, Knellwolf et al analyzed KATAN and KTANTAN [9] using conditional differential cryptanalysis [10] and recovered four equivalent key bits for 78 of 254 rounds of KATAN32 in the single-key scenario. They subsequently analyzed KATAN32 in the related-key scenario with an improved technique using automatic tools and obtained key-recovery attacks for 120 of 254 rounds of KATAN32 [11]. Extended keyrecovery attacks can recover 10, 11, and 13 equivalent key bits, respectively It is the best known practical cryptanalytic result on KATAN32 so far.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
