Differential and linear cryptanalysis are two of the most powerful techniques to analyze symmetric-key primitives. For modern ciphers, resistance against these attacks is therefore a mandatory design criterion. In this paper, we propose a novel technique to prove security bounds against both differential and linear cryptanalysis. We use mixed-integer linear programming (MILP), a method that is frequently used in business and economics to solve optimization problems. Our technique significantly reduces the workload of designers and cryptanalysts, because it only involves writing out simple equations that are input into an MILP solver. As very little programming is required, both the time spent on cryptanalysis and the possibility of human errors are greatly reduced. Our method is used to analyze Enocoro-128v2, a stream cipher that consists of 96 rounds. We prove that 38 rounds are sufficient for security against differential cryptanalysis, and 61 rounds for security against linear cryptanalysis. We also illustrate our technique by calculating the number of active S-boxes for AES.
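The kind of "simple equations" the abstract refers to, written out for AES as an added example (not code from the paper or its authors). It assumes the usual byte-level modelling: one binary variable per state byte, one dummy variable per MixColumns call, and the MixColumns branch number 5. The names `x`, `d`, `build_lp`, `active_sboxes` and `TRAIL` are chosen here for illustration.

```python
BRANCH = 5  # differential/linear branch number of AES MixColumns

def x(r, row, col):
    """Binary variable name: 1 iff byte (row, col) of state r is active."""
    return f"x{16 * r + 4 * col + row}"

def mixcolumns(rounds):
    """Yield (dummy, input bytes, output bytes) for every MixColumns call.
    Inputs are read after ShiftRows, which rotates row i left by i."""
    for r in range(rounds):
        for col in range(4):
            ins = [x(r, row, (col + row) % 4) for row in range(4)]
            outs = [x(r + 1, row, col) for row in range(4)]
            yield f"d{4 * r + col}", ins, outs

def build_lp(rounds):
    """Return the model as text in the CPLEX LP file format."""
    sboxes = [x(r, row, col) for r in range(rounds)
              for col in range(4) for row in range(4)]
    cons = [" + ".join(sboxes[:16]) + " >= 1"]  # rule out the all-zero trail
    names = sboxes + [x(rounds, row, col) for col in range(4) for row in range(4)]
    for d, ins, outs in mixcolumns(rounds):
        names.append(d)
        cons.append(" + ".join(ins + outs) + f" - {BRANCH} {d} >= 0")
        cons += [f"{d} - {v} >= 0" for v in ins + outs]  # d = 1 if any byte is active
    body = "\n".join(f" c{i}: {c}" for i, c in enumerate(cons))
    return ("Minimize\n obj: " + "\n + ".join(sboxes) + "\nSubject To\n" + body
            + "\nBinary\n " + "\n ".join(names) + "\nEnd\n")

def active_sboxes(rounds, active):
    """Evaluate a truncated trail, given as (state, row, col) triples, against
    the model. Returns the objective value, or None if a constraint fails."""
    on = {x(*b) for b in active}
    if not any(x(0, row, col) in on for row in range(4) for col in range(4)):
        return None
    for _, ins, outs in mixcolumns(rounds):
        weight = sum(v in on for v in ins + outs)
        if 0 < weight < BRANCH:  # d is forced to 1, so the sum must reach 5
            return None
    return sum(x(r, row, col) in on for r in range(rounds)
               for row in range(4) for col in range(4))

# Constructed 4-round trail with 1, 4, 16 and 4 active S-boxes per round.
TRAIL = ([(0, 0, 0)] + [(1, row, 0) for row in range(4)]
         + [(2, row, col) for row in range(4) for col in range(4)]
         + [(3, i, i) for i in range(4)] + [(4, 0, 0)])

if __name__ == "__main__":
    print(build_lp(4))
```

`active_sboxes(4, TRAIL)` shows that the constructed trail is feasible with 25 active S-boxes; proving that no feasible point scores lower is the solver's job once it is given the output of `build_lp(4)`.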