Abstract
Mixed integer linear programming (MILP) model was presented by Sun et al. at Asiacrypt 2014 to search for differential characteristics of block ciphers. Based on this model, it is easy to assess block ciphers against differential attack. In this paper, the MILP model is improved to search for differential trails of Midori64 which is a family of lightweight block ciphers provided by Banik et al. at Asiacrypt 2015. We find the best 5-round differential characteristics of Midori64 with MILP-based model, and the probabilities are 2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">-52</sup> and 2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">-58</sup> respectively. Based on these distinguishers, we give key recovery attacks on the 11-round reduced Midori64 with data complexities of 2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">55.6</sup> and 2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">61.2</sup> , and time complexities of 2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">109.35</sup> and 2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">100.26</sup> .
Highlights
In recent years, a great deal of lightweight block ciphers are widely used in Internet of things and wireless communication because of their uncomplicated structures and efficient execution in low-power and constrained environment
It has been found that many classical cryptanalysis methods, including differential cryptanalysis, impossible differential, related-key differential characteristics and linear attacks can be converted into mathematical optimal problems
The model is constructed with an exact probability for each possible point in the difference distribution table (DDT) of S-box for Midori64 to search for the differential characteristics with the maximal differential probability by the optimal inequalities
Summary
A great deal of lightweight block ciphers are widely used in Internet of things and wireless communication because of their uncomplicated structures and efficient execution in low-power and constrained environment. In 2013, Sun et al gave the minimal number of active S-boxes for fullround PRESENT-80 and a 12-round related-key differential characteristics [11] They presented a novel method based the MILP model to search for the differential trails with the maximal probability, instead of the minimal number of active S-boxes [12]. H. Zhao et al.: MILP-Based Differential Cryptanalysis on Round-Reduced Midori into the differential characteristics and introduced the method to attack the block cipher RoadRunneR. Dong et al introduced an 11-round related-key differential distinguisher and attacked a 14-round on Midori with data complexity of 259 and computational complexity of 2116 [14]. Gerault et al showed an all round related-key differential attack on Midori block cipher with data complexity of 223.75 and computational complexity of 235.8 [22]. Guo et al provided an invariant subspace attack on all round Midori64 [23] with 232 weak key setting in 2016
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
