Abstract
In differential cryptanalysis, a differential is more valuable than the single trail belonging to it in general. The traditional way to compute the probability of the differential is to sum the probabilities of all trails within it. The automatic tool for the search of differentials based on Mixed Integer Linear Programming (MILP) has been proposed and realises the task of finding multiple trails of a given differential. The problem is whether it is reliable to evaluate the probability of the differential traditionally. In this paper, we focus on two lightweight block ciphers – LED64 and Midori64 and show the more accurate estimation of differential probability considering the key schedule. Firstly, an automated tool based on Boolean Satisfiability Problem (SAT) is put forward to accomplish the automatic search of differentials for ciphers with S-boxes and is applied to LED64 and Midori64. Secondly, we provide an automatic approach to detect the right pairs following a given differential, which can be exploited to calculate the differential property. Applying this technique to the STEP function of LED64, we discover some differentials with enhanced probability. As a result, the previous attacks relying upon high probability differentials can be improved definitely. Thirdly, we present a method to compute an upper-bound of the weak-key ratio for a given differential, which is utilised to analyse 4-round differentials of Midori64. We detect two differentials whose weak-key ratios are much lower than the expected 50%. More than 78% of the keys will make these two differentials being impossible differentials. The idea of the estimation for an upper-bound of the weak-key ratio can be employed for other ciphers and allows us to launch differential attacks more reliably. Finally, we introduce how to compute the enhanced differential probability and evaluate the size of keys achieving the improved probability. Such a property may incur an efficient weak-key attack. For a 4-round differential of Midori64, we obtain an improved differential property for a portion of keys.
Highlights
Differential cryptanalysis [BS90] is one of the most fundamental techniques targeting symmetric-key primitives
We focus on two lightweight block ciphers - LED64 [GPPR11, GPPR12] and Midori64 [BBI+15] and show the more accurate estimation of differential probability considering the key schedule
We present a method to compute an upper-bound of the weak-key ratio for a given differential, which is utilised to analyse 4-round differentials of Midori[64]
Summary
Differential cryptanalysis [BS90] is one of the most fundamental techniques targeting symmetric-key primitives. Since the introduction of differential cryptanalysis, many investigations concentrated on achieving provable security against it Among these works, the Markov cipher theory [LMM91] is regarded as the first attempt to design block ciphers resistant against differential cryptanalysis. Apart from the theoretical research, another strong research trend in the field of differential cryptanalysis is the construction of the automatic tool for searching differential characteristics or differentials [SHW+14, KLT15, SHY16, SGL+17, AST+17]. Most of these techniques pay attention to the seek of differential trails instead of differentials. The ideas proposed in this paper permit us to launch differential attacks more reliably
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have