Differential and linear cryptanalysis using mixed-integer linear programming

Authors:
Nicky Mouha;Qingju Wang;Dawu Gu;Bart Preneel
Affiliations:
Department of Electrical Engineering ESAT/SCD-COSIC, Katholieke Universiteit Leuven, Heverlee, Belgium,Interdisciplinary Institute for BroadBand Technology (IBBT), Belgium;Department of Electrical Engineering ESAT/SCD-COSIC, Katholieke Universiteit Leuven, Heverlee, Belgium,Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, Chin ...;Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China;Department of Electrical Engineering ESAT/SCD-COSIC, Katholieke Universiteit Leuven, Heverlee, Belgium,Interdisciplinary Institute for BroadBand Technology (IBBT), Belgium
Venue:
Inscrypt'11 Proceedings of the 7th international conference on Information Security and Cryptology
Year:
2011

Citing 11
Cited 1

Resynchronization weaknesses in synchronous stream ciphers

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Linear cryptanalysis method for DES cipher

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
The Design of Rijndael

The Design of Rijndael
Practical Security Evaluation against Differential and Linear Cryptanalyses for Feistel Ciphers with SPN Round Function

SAC '00 Proceedings of the 7th Annual International Workshop on Selected Areas in Cryptography
Fast Hashing and Stream Encryption with PANAMA

FSE '98 Proceedings of the 5th International Workshop on Fast Software Encryption
The Wide Trail Design Strategy

Proceedings of the 8th IMA International Conference on Cryptography and Coding
Bivium as a Mixed-Integer Linear Programming Problem

Cryptography and Coding '09 Proceedings of the 12th IMA International Conference on Cryptography and Coding
On the diffusion of generalized Feistel structures regarding differential and linear cryptanalysis

SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Security analysis of SIMD

SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
On unbalanced Feistel networks with contracting MDS diffusion

Designs, Codes and Cryptography
Search for related-key differential characteristics in DES-like ciphers

FSE'11 Proceedings of the 18th international conference on Fast software encryption

FIDES: lightweight authenticated cipher with side-channel resistance for constrained hardware

CHES'13 Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Differential and linear cryptanalysis are two of the most powerful techniques to analyze symmetric-key primitives. For modern ciphers, resistance against these attacks is therefore a mandatory design criterion. In this paper, we propose a novel technique to prove security bounds against both differential and linear cryptanalysis. We use mixed-integer linear programming (MILP), a method that is frequently used in business and economics to solve optimization problems. Our technique significantly reduces the workload of designers and cryptanalysts, because it only involves writing out simple equations that are input into an MILP solver. As very little programming is required, both the time spent on cryptanalysis and the possibility of human errors are greatly reduced. Our method is used to analyze Enocoro-128v2, a stream cipher that consists of 96 rounds. We prove that 38 rounds are sufficient for security against differential cryptanalysis, and 61 rounds for security against linear cryptanalysis. We also illustrate our technique by calculating the number of active S-boxes for AES.