More accurate differential properties of LED64 and Midori64
In differential cryptanalysis, a differential is more valuable than the single trail belonging to it in general. The traditional way to compute the probability of the differential is to sum the probabilities of all trails within it. The automatic tool for the search of differentials based on Mixed I...
Saved in:
| Main Authors: | , , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | English |
| Published: |
2019
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/104634 http://hdl.handle.net/10220/49463 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-104634 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1046342023-02-28T19:23:54Z More accurate differential properties of LED64 and Midori64 Sun, Ling Wang, Wei Wang, Meiqin School of Physical and Mathematical Sciences Automatic Search Differential DRNTU::Science::Mathematics In differential cryptanalysis, a differential is more valuable than the single trail belonging to it in general. The traditional way to compute the probability of the differential is to sum the probabilities of all trails within it. The automatic tool for the search of differentials based on Mixed Integer Linear Programming (MILP) has been proposed and realises the task of finding multiple trails of a given differential. The problem is whether it is reliable to evaluate the probability of the differential traditionally. In this paper, we focus on two lightweight block ciphers – LED64 and Midori64 and show the more accurate estimation of differential probability considering the key schedule. Firstly, an automated tool based on Boolean Satisfiability Problem (SAT) is put forward to accomplish the automatic search of differentials for ciphers with S-boxes and is applied to LED64 and Midori64. Secondly, we provide an automatic approach to detect the right pairs following a given differential, which can be exploited to calculate the differential property. Applying this technique to the STEP function of LED64, we discover some differentials with enhanced probability. As a result, the previous attacks relying upon high probability differentials can be improved definitely. Thirdly, we present a method to compute an upper-bound of the weak-key ratio for a given differential, which is utilised to analyse 4-round differentials of Midori64. We detect two differentials whose weak-key ratios are much lower than the expected 50%. More than 78% of the keys will make these two differentials being impossible differentials. The idea of the estimation for an upper-bound of the weak-key ratio can be employed for other ciphers and allows us to launch differential attacks more reliably. Finally, we introduce how to compute the enhanced differential probability and evaluate the size of keys achieving the improved probability. Such a property may incur an efficient weak-key attack. For a 4-round differential of Midori64, we obtain an improved differential property for a portion of keys. Published version 2019-07-25T01:08:35Z 2019-12-06T21:36:37Z 2019-07-25T01:08:35Z 2019-12-06T21:36:37Z 2018 Journal Article Sun, L., Wang, W., & Wang, M. (2018). More accurate differential properties of LED64 and Midori64. IACR Transactions on Symmetric Cryptology, 2018(3), 93-123. doi:10.13154/tosc.v2018.i3.93-123 https://hdl.handle.net/10356/104634 http://hdl.handle.net/10220/49463 10.13154/tosc.v2018.i3.93-123 en IACR Transactions on Symmetric Cryptology © 2018 The Author(s). All rights reserved. This paper was published by Ruhr University Bochum in IACR Transactions on Symmetric Cryptology and is made available with permission of The Author(s). 31 p. application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Automatic Search Differential DRNTU::Science::Mathematics |
| spellingShingle |
Automatic Search Differential DRNTU::Science::Mathematics Sun, Ling Wang, Wei Wang, Meiqin More accurate differential properties of LED64 and Midori64 |
| description |
In differential cryptanalysis, a differential is more valuable than the single trail belonging to it in general. The traditional way to compute the probability of the differential is to sum the probabilities of all trails within it. The automatic tool for the search of differentials based on Mixed Integer Linear Programming (MILP) has been proposed and realises the task of finding multiple trails of a given differential. The problem is whether it is reliable to evaluate the probability of the differential traditionally. In this paper, we focus on two lightweight block ciphers – LED64 and Midori64 and show the more accurate estimation of differential probability considering the key schedule. Firstly, an automated tool based on Boolean Satisfiability Problem (SAT) is put forward to accomplish the automatic search of differentials for ciphers with S-boxes and is applied to LED64 and Midori64. Secondly, we provide an automatic approach to detect the right pairs following a given differential, which can be exploited to calculate the differential property. Applying this technique to the STEP function of LED64, we discover some differentials with enhanced probability. As a result, the previous attacks relying upon high probability differentials can be improved definitely. Thirdly, we present a method to compute an upper-bound of the weak-key ratio for a given differential, which is utilised to analyse 4-round differentials of Midori64. We detect two differentials whose weak-key ratios are much lower than the expected 50%. More than 78% of the keys will make these two differentials being impossible differentials. The idea of the estimation for an upper-bound of the weak-key ratio can be employed for other ciphers and allows us to launch differential attacks more reliably. Finally, we introduce how to compute the enhanced differential probability and evaluate the size of keys achieving the improved probability. Such a property may incur an efficient weak-key attack. For a 4-round differential of Midori64, we obtain an improved differential property for a portion of keys. |
| author2 |
School of Physical and Mathematical Sciences |
| author_facet |
School of Physical and Mathematical Sciences Sun, Ling Wang, Wei Wang, Meiqin |
| format |
Article |
| author |
Sun, Ling Wang, Wei Wang, Meiqin |
| author_sort |
Sun, Ling |
| title |
More accurate differential properties of LED64 and Midori64 |
| title_short |
More accurate differential properties of LED64 and Midori64 |
| title_full |
More accurate differential properties of LED64 and Midori64 |
| title_fullStr |
More accurate differential properties of LED64 and Midori64 |
| title_full_unstemmed |
More accurate differential properties of LED64 and Midori64 |
| title_sort |
more accurate differential properties of led64 and midori64 |
| publishDate |
2019 |
| url |
https://hdl.handle.net/10356/104634 http://hdl.handle.net/10220/49463 |
| _version_ |
1759856487883079680 |