Boosting differential-linear cryptanalysis of ChaCha7 with MILP

In this paper, we present an improved differential-linear cryptanalysis of the ChaCha stream cipher. Our main contributions are new differential-linear distinguishers that we were able to build thanks to the following improvements: a) we considered a larger search space, including 2-bit differences...

Full description

Saved in:
Bibliographic Details
Main Authors: Bellini, Emanuele, Gerault, David, Grados, Juan, Makarim, Rusydi H., Peyrin, Thomas
Other Authors: School of Physical and Mathematical Sciences
Format: Article
Language:English
Published: 2023
Subjects:
Online Access:https://hdl.handle.net/10356/171650
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
id sg-ntu-dr.10356-171650
record_format dspace
spelling sg-ntu-dr.10356-1716502023-11-06T15:35:22Z Boosting differential-linear cryptanalysis of ChaCha7 with MILP Bellini, Emanuele Gerault, David Grados, Juan Makarim, Rusydi H. Peyrin, Thomas School of Physical and Mathematical Sciences Science::Mathematics Cryptanalysis Differential-Linear Attack In this paper, we present an improved differential-linear cryptanalysis of the ChaCha stream cipher. Our main contributions are new differential-linear distinguishers that we were able to build thanks to the following improvements: a) we considered a larger search space, including 2-bit differences (besides 1-bit differences) for the difference at the beginning of the differential part of the differential-linear trail; b) a better choice of mask between the differential and linear parts; c) a carefully crafted MILP tool that finds linear trails with higher correlation for the linear part. We eventually obtain a new distinguisher for ChaCha reduced to 7 rounds that requires 2166.89 computations, improving the previous record (ASIACRYPT 2022) by a factor of 247. Also, we obtain a distinguisher for ChaCha reduced to 7.5 rounds that requires 2251.4 computations, being the first time of a distinguisher against ChaCha reduced to 7.5 rounds. Using our MILP tool, we also found a 5-round differential-linear distinguisher. When combined with the probabilistic neutral bits (PNB) framework, we obtain a key-recovery attack on ChaCha reduced to 7 rounds with a computational complexity of 2206.8, improving by a factor 214.2 upon the recent result published at EUROCRYPT 2022. Published version 2023-11-02T03:47:03Z 2023-11-02T03:47:03Z 2023 Journal Article Bellini, E., Gerault, D., Grados, J., Makarim, R. H. & Peyrin, T. (2023). Boosting differential-linear cryptanalysis of ChaCha7 with MILP. IACR Transactions On Symmetric Cryptology, 2023(2), 189-223. https://dx.doi.org/10.46586/tosc.v2023.i2.189-223 2519-173X https://hdl.handle.net/10356/171650 10.46586/tosc.v2023.i2.189-223 2-s2.0-85163025678 2 2023 189 223 en IACR Transactions on Symmetric Cryptology © 2023 The Author(s). This work is licensed under a Creative Commons Attribution 4.0 International License. application/pdf
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
Singapore
content_provider NTU Library
collection DR-NTU
language English
topic Science::Mathematics
Cryptanalysis
Differential-Linear Attack
spellingShingle Science::Mathematics
Cryptanalysis
Differential-Linear Attack
Bellini, Emanuele
Gerault, David
Grados, Juan
Makarim, Rusydi H.
Peyrin, Thomas
Boosting differential-linear cryptanalysis of ChaCha7 with MILP
description In this paper, we present an improved differential-linear cryptanalysis of the ChaCha stream cipher. Our main contributions are new differential-linear distinguishers that we were able to build thanks to the following improvements: a) we considered a larger search space, including 2-bit differences (besides 1-bit differences) for the difference at the beginning of the differential part of the differential-linear trail; b) a better choice of mask between the differential and linear parts; c) a carefully crafted MILP tool that finds linear trails with higher correlation for the linear part. We eventually obtain a new distinguisher for ChaCha reduced to 7 rounds that requires 2166.89 computations, improving the previous record (ASIACRYPT 2022) by a factor of 247. Also, we obtain a distinguisher for ChaCha reduced to 7.5 rounds that requires 2251.4 computations, being the first time of a distinguisher against ChaCha reduced to 7.5 rounds. Using our MILP tool, we also found a 5-round differential-linear distinguisher. When combined with the probabilistic neutral bits (PNB) framework, we obtain a key-recovery attack on ChaCha reduced to 7 rounds with a computational complexity of 2206.8, improving by a factor 214.2 upon the recent result published at EUROCRYPT 2022.
author2 School of Physical and Mathematical Sciences
author_facet School of Physical and Mathematical Sciences
Bellini, Emanuele
Gerault, David
Grados, Juan
Makarim, Rusydi H.
Peyrin, Thomas
format Article
author Bellini, Emanuele
Gerault, David
Grados, Juan
Makarim, Rusydi H.
Peyrin, Thomas
author_sort Bellini, Emanuele
title Boosting differential-linear cryptanalysis of ChaCha7 with MILP
title_short Boosting differential-linear cryptanalysis of ChaCha7 with MILP
title_full Boosting differential-linear cryptanalysis of ChaCha7 with MILP
title_fullStr Boosting differential-linear cryptanalysis of ChaCha7 with MILP
title_full_unstemmed Boosting differential-linear cryptanalysis of ChaCha7 with MILP
title_sort boosting differential-linear cryptanalysis of chacha7 with milp
publishDate 2023
url https://hdl.handle.net/10356/171650
_version_ 1783955585554710528