Abstract
In this paper, we study the relation of related-tweak/key impossible differentials with single-key ones. Following a heuristic strategy, we can derive longer related-tweak/key impossible differentials from single-key ones. We implement this strategy with the MILP technique and apply it to search for related-tweak/key impossible differentials of two tweakable block ciphers: QARMA-64 and Joltik-BC-128. For QARMA-64, we find several 7-round related-tweak impossible differential distinguishers and use them to mount a 10-round key recovery attack including the outer whitening key; for Joltik-BC-128, we find two 6-round related-tweakey impossible differential distinguishers and use them to attack 9-round and 10-round Joltik-BC-128 respectively.
Highlights
In recent decades, many block ciphers have been proposed
Cryptanalysts have found that many classical cryptanalysis methods can be converted into mathematical optimization problems, which aim to achieve the minimal or maximal value of an objective function under certain constraints
We focus on QARMA-64
Summary
A lot of block ciphers have been proposed. A key point for these ciphers to be accepted and used by industry is to provide a reliable security evaluation.

for all differences x do
    for all differences y do
        Construct MILP model M1 describing the differential behaviour of the r-round cipher shown in Figure 1 in the single-key setting;
        Add constraints to M1 by setting i = x and i+r = y;
        if M1 is infeasible    // An r-round single-key impossible differential obtained [6], [5]
            Construct MILP model M2 describing the differential behaviour of the r -round tweak/key schedule;
            Add constraints to M2 by setting ki = x and ki+r = y;
            if M2 is feasible
                Construct MILP model M3 describing the related-tweak/key differential behaviour of r -round cipher;
                Add constraints to M3 by setting ki = x and ki+r = y, setting i = x and i+r = y;
                if M3 is infeasible

We give an example of the internal state differences conforming to the distinguisher in Table 4 in Appendix A-C.