Integer Linear Programming for Three-Subset Meet-in-the-Middle Attacks: Application to GIFT

  • Yu Sasaki
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11049)

Abstract

This article presents a new use of integer linear programming (ILP) for block-cipher analysis, in particular for automating the search for optimal independent key bits in a meet-in-the-middle (MitM) attack. The research is motivated by the recent lightweight block-cipher design GIFT, whose designers' own security evaluation leaves room for improvement. The developed tool finds optimal choices of independent key bits, which improves the complexity of the 15-round MitM attack, the current best attack on GIFT-64, from \(2^{120}\) to \(2^{112}\).
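
The key-bit selection the abstract refers to, as an added example that is not the paper's tool and does not model GIFT: a constructed 8-bit NLFSR-style toy cipher with a 16-bit key and one master-key bit XORed in per round (slow enough diffusion for neutral bits to exist), bit-level tracking of which master-key bits each state bit can depend on when computed from the plaintext side and from the ciphertext side, an exhaustive search over the matching round and matching bits that stands in for the paper's ILP, and the resulting three-subset MitM key recovery run against the toy. The cipher, the schedule SCHED, the cost model and every function name (round_fwd, dependencies, best_partition, mitm_attack) are this example's own assumptions.

```python
# Added example, not the paper's tool and not GIFT: three-subset MitM key-bit
# selection by bit-level key-dependency tracking on a constructed toy cipher.
# Toy: 8-bit NLFSR-style cipher, 16-bit key, one master-key bit XORed in per
# round (schedule SCHED is constructed), so key bits diffuse slowly enough for
# neutral bits to exist. Exhaustive search stands in for the paper's ILP.
from itertools import combinations, product
import random

N, KBITS, R = 8, 16, 24                   # state bits, key bits, rounds
SCHED = [r % KBITS for r in range(R)]     # key bit used in round r (constructed)


def kbit(key, i):
    return (key >> i) & 1


def round_fwd(s, k):
    """Shift left; new bit = s0 ^ (s3 & s5) ^ s6 ^ k (bit list, s[0] oldest)."""
    return s[1:] + [s[0] ^ (s[3] & s[5]) ^ s[6] ^ k]


def round_inv(t, k):
    """Inverse round: recover the bit that was shifted out."""
    return [t[7] ^ (t[2] & t[4]) ^ t[5] ^ k] + t[:7]


def fwd_state(pt, key, m):
    """State at round boundary m computed forward from plaintext pt."""
    s = [(pt >> i) & 1 for i in range(N)]
    for r in range(m):
        s = round_fwd(s, kbit(key, SCHED[r]))
    return s


def bwd_state(ct, key, m):
    """State at round boundary m computed backward from ciphertext ct."""
    s = [(ct >> i) & 1 for i in range(N)]
    for r in reversed(range(m, R)):
        s = round_inv(s, kbit(key, SCHED[r]))
    return s


def encrypt(pt, key):
    return sum(b << i for i, b in enumerate(fwd_state(pt, key, R)))


def dependencies():
    """fwd[m][j] / bwd[m][j]: over-approximation of the key bits state bit j at
    boundary m can depend on when computed from plaintext / from ciphertext."""
    fwd = [[frozenset()] * N]
    for r in range(R):
        d = fwd[-1]
        fwd.append(d[1:] + [d[0] | d[3] | d[5] | d[6] | {SCHED[r]}])
    bwd = [[frozenset()] * N]
    for r in reversed(range(R)):
        d = bwd[-1]
        bwd.append([d[7] | d[2] | d[4] | d[5] | {SCHED[r]}] + d[:7])
    return fwd, bwd[::-1]


def best_partition():
    """Stand-in for the ILP: exhaustively pick the matching boundary m and the
    matching bits J, derive the largest neutral sets A1 (absent from the
    backward dependencies of J) and A2 (absent from the forward ones), and
    keep the (m, J) with the least estimated work."""
    fwd, bwd = dependencies()
    allk = frozenset(range(KBITS))
    best = None
    for m in range(1, R):
        for size in range(1, N + 1):
            for J in combinations(range(N), size):
                F = frozenset().union(*(fwd[m][j] for j in J))
                B = frozenset().union(*(bwd[m][j] for j in J))
                a1, a2 = set(allk - B), set(allk - F)
                free = a1 & a2                  # unused by J on both sides
                a1 -= free
                a2 -= free
                for k in sorted(free):          # hand them out to balance the lists
                    (a1 if len(a1) <= len(a2) else a2).add(k)
                a0 = allk - a1 - a2
                # list building per A0 guess, plus retesting the 2^(|K|-|J|)
                # candidates that survive the |J|-bit match (rough cost model)
                work = 2 ** len(a0) * (2 ** len(a1) + 2 ** len(a2)) + 2 ** (KBITS - size)
                if best is None or work < best[0]:
                    best = (work, m, J, frozenset(a0), frozenset(a1), frozenset(a2))
    return best


def assignments(bits):
    """All values of a key with only the given bit positions set."""
    bits = sorted(bits)
    for vals in product((0, 1), repeat=len(bits)):
        yield sum(v << b for v, b in zip(vals, bits))


def mitm_attack(pairs, m, J, a0, a1, a2):
    """Three-subset MitM: guess A0, enumerate A1 forward and A2 backward,
    match on the J bits at boundary m, verify survivors on every pair."""
    pt, ct = pairs[0]
    for g0 in assignments(a0):
        table = {}
        for g1 in assignments(a1):            # A2 bits stay 0: J bits ignore them
            s = fwd_state(pt, g0 | g1, m)
            table.setdefault(tuple(s[j] for j in J), []).append(g1)
        for g2 in assignments(a2):            # A1 bits stay 0: J bits ignore them
            s = bwd_state(ct, g0 | g2, m)
            for g1 in table.get(tuple(s[j] for j in J), ()):
                cand = g0 | g1 | g2
                if all(encrypt(p, cand) == c for p, c in pairs):
                    return cand
    return None


if __name__ == "__main__":
    work, m, J, a0, a1, a2 = best_partition()
    print(f"match {len(J)} bits at boundary {m}: |A0|={len(a0)} |A1|={len(a1)} "
          f"|A2|={len(a2)}, ~2^{work.bit_length() - 1} work vs 2^{KBITS} brute force")
    random.seed(1)
    key = random.randrange(1 << KBITS)
    pairs = [(p, encrypt(p, key)) for p in random.sample(range(1 << N), 4)]
    print("recovered:", mitm_attack(pairs, m, J, a0, a1, a2) == key)
```

Because the dependency sets only ever over-approximate which key bits a state bit can depend on, any partition the search returns is sound: the J bits computed forward with the A2 bits zeroed, and backward with the A1 bits zeroed, equal their true values, so the correct key is never discarded. For a real cipher the same (m, J, A0, A1, A2) choice is what the paper leaves to an ILP solver, since the space of matching positions and key-bit partitions is far too large to enumerate.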

Keywords

GIFT, Block cipher, Cryptanalysis, Symmetric-key, Meet-in-the-middle, Integer linear programming

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

NTT Secure Platform Laboratories, Musashino-shi, Japan