Boosting differential-linear cryptanalysis of ChaCha7 with MILP
In this paper, we present an improved differential-linear cryptanalysis of the ChaCha stream cipher. Our main contributions are new differential-linear distinguishers that we were able to build thanks to the following improvements: a) we considered a larger search space, including 2-bit differences...
Main Authors: | , , , , |
---|---|
Other Authors: | |
Format: | Article |
Language: | English |
Published: | 2023 |
Subjects: | |
Online Access: | https://hdl.handle.net/10356/171650 |
Institution: | Nanyang Technological University |
id |
sg-ntu-dr.10356-171650 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-1716502023-11-06T15:35:22Z Boosting differential-linear cryptanalysis of ChaCha7 with MILP Bellini, Emanuele Gerault, David Grados, Juan Makarim, Rusydi H. Peyrin, Thomas School of Physical and Mathematical Sciences Science::Mathematics Cryptanalysis Differential-Linear Attack In this paper, we present an improved differential-linear cryptanalysis of the ChaCha stream cipher. Our main contributions are new differential-linear distinguishers that we were able to build thanks to the following improvements: a) we considered a larger search space, including 2-bit differences (besides 1-bit differences) for the difference at the beginning of the differential part of the differential-linear trail; b) a better choice of mask between the differential and linear parts; c) a carefully crafted MILP tool that finds linear trails with higher correlation for the linear part. We eventually obtain a new distinguisher for ChaCha reduced to 7 rounds that requires 2^{166.89} computations, improving the previous record (ASIACRYPT 2022) by a factor of 2^{47}. Also, we obtain a distinguisher for ChaCha reduced to 7.5 rounds that requires 2^{251.4} computations, being the first time of a distinguisher against ChaCha reduced to 7.5 rounds. Using our MILP tool, we also found a 5-round differential-linear distinguisher. When combined with the probabilistic neutral bits (PNB) framework, we obtain a key-recovery attack on ChaCha reduced to 7 rounds with a computational complexity of 2^{206.8}, improving by a factor 2^{14.2} upon the recent result published at EUROCRYPT 2022. Published version 2023-11-02T03:47:03Z 2023-11-02T03:47:03Z 2023 Journal Article Bellini, E., Gerault, D., Grados, J., Makarim, R. H. & Peyrin, T. (2023). Boosting differential-linear cryptanalysis of ChaCha7 with MILP. IACR Transactions On Symmetric Cryptology, 2023(2), 189-223.
https://dx.doi.org/10.46586/tosc.v2023.i2.189-223 2519-173X https://hdl.handle.net/10356/171650 10.46586/tosc.v2023.i2.189-223 2-s2.0-85163025678 2 2023 189 223 en IACR Transactions on Symmetric Cryptology © 2023 The Author(s). This work is licensed under a Creative Commons Attribution 4.0 International License. application/pdf |
institution |
Nanyang Technological University |
building |
NTU Library |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
NTU Library |
collection |
DR-NTU |
language |
English |
topic |
Science::Mathematics Cryptanalysis Differential-Linear Attack |
spellingShingle |
Science::Mathematics Cryptanalysis Differential-Linear Attack Bellini, Emanuele Gerault, David Grados, Juan Makarim, Rusydi H. Peyrin, Thomas Boosting differential-linear cryptanalysis of ChaCha7 with MILP |
description |
In this paper, we present an improved differential-linear cryptanalysis of the ChaCha stream cipher. Our main contributions are new differential-linear distinguishers that we were able to build thanks to the following improvements: a) we considered a larger search space, including 2-bit differences (besides 1-bit differences) for the difference at the beginning of the differential part of the differential-linear trail; b) a better choice of mask between the differential and linear parts; c) a carefully crafted MILP tool that finds linear trails with higher correlation for the linear part. We eventually obtain a new distinguisher for ChaCha reduced to 7 rounds that requires 2^{166.89} computations, improving the previous record (ASIACRYPT 2022) by a factor of 2^{47}. Also, we obtain a distinguisher for ChaCha reduced to 7.5 rounds that requires 2^{251.4} computations, being the first time of a distinguisher against ChaCha reduced to 7.5 rounds. Using our MILP tool, we also found a 5-round differential-linear distinguisher. When combined with the probabilistic neutral bits (PNB) framework, we obtain a key-recovery attack on ChaCha reduced to 7 rounds with a computational complexity of 2^{206.8}, improving by a factor 2^{14.2} upon the recent result published at EUROCRYPT 2022. |
author2 |
School of Physical and Mathematical Sciences |
author_facet |
School of Physical and Mathematical Sciences Bellini, Emanuele Gerault, David Grados, Juan Makarim, Rusydi H. Peyrin, Thomas |
format |
Article |
author |
Bellini, Emanuele Gerault, David Grados, Juan Makarim, Rusydi H. Peyrin, Thomas |
author_sort |
Bellini, Emanuele |
title |
Boosting differential-linear cryptanalysis of ChaCha7 with MILP |
title_short |
Boosting differential-linear cryptanalysis of ChaCha7 with MILP |
title_full |
Boosting differential-linear cryptanalysis of ChaCha7 with MILP |
title_fullStr |
Boosting differential-linear cryptanalysis of ChaCha7 with MILP |
title_full_unstemmed |
Boosting differential-linear cryptanalysis of ChaCha7 with MILP |
title_sort |
boosting differential-linear cryptanalysis of chacha7 with milp |
publishDate |
2023 |
url |
https://hdl.handle.net/10356/171650 |
_version_ |
1783955585554710528 |