MILP-based Related-Key Rectangle Attack and Its Application to GIFT, Khudra, MIBS

2019 ◽  
Author(s):  
Lele Chen ◽  
Gaoli Wang ◽  
GuoYan Zhang

Abstract: The rectangle attack is the extension of the traditional differential attack and is evolved from the boomerang attack. It has been widely used to attack several existing ciphers. In this article, we study the security of lightweight block ciphers GIFT, Khudra and MIBS against related-key rectangle attack. We use Mixed-Integer Linear Programming-aided cryptanalysis to search rectangle distinguishers by taking into account the effect of the ladder switch technique. For GIFT, we build a 19-round related-key rectangle distinguisher and attack on 23-round GIFT-64, which requires 2^60 chosen plaintexts and 2^107 encryptions. For Khudra, a 14-round related-key rectangle distinguisher can be built, which leads us to a 17-round rectangle attack. Our attack on 17-round Khudra requires a data complexity of 2^62.9 chosen plaintexts and a time complexity of 2^73.9 encryptions. For MIBS, we construct a 13-round related-key rectangle distinguisher and propose an attack on 15-round MIBS-64 with time complexity of 2^59 and data complexity of 2^45. Compared to the previous best related-key rectangle attack, we can attack one more round on Khudra and MIBS-64 than before.

2021 ◽  
Vol 2021 ◽  
pp. 1-9
Author(s):  
Xueying Qiu ◽  
Yongzhuang Wei ◽  
Samir Hodzic ◽  
Enes Pasalic

Integral cryptanalysis based on division property is a powerful cryptanalytic method whose range of successful applications was recently extended through the use of Mixed-Integer Linear Programming (MILP). Although this technique was demonstrated to be efficient in specifying distinguishers of reduced round versions of several families of lightweight block ciphers (such as SIMON, PRESENT, and few others), we show that this method provides distinguishers for a full-round block cipher SAT_Jo. SAT_Jo cipher is very similar to the well-known PRESENT block cipher, which has successfully withstood the known cryptanalytic methods. The main difference compared to PRESENT, which turns out to induce severe weaknesses of SAT_Jo algorithm, is its different choice of substitution boxes (S-boxes) and the bit-permutation layer for the reasons of making the cipher highly resource-efficient. Even though the designers provided a security analysis of this scheme against some major generic cryptanalytic methods, an application of the bit-division property in combination with MILP was not considered. By specifying integral distinguishers for the full-round SAT_Jo algorithm using this method, we essentially disapprove its use in intended applications. Using a 30-round distinguisher, we also describe a subkey recovery attack on the SAT_Jo algorithm whose time complexity is about 2^66 encryptions (noting that SAT_Jo is designed to provide 80 bits of security). Moreover, it seems that the choice of bit-permutation induces weak division properties since replacing the original bit-permutation of SAT_Jo by the one used in PRESENT immediately renders integral distinguishers inefficient.


Informatica ◽  
2021 ◽  
Vol 45 (6) ◽  
Author(s):  
Vikas Tiwari ◽  
Neelima Jampala ◽  
Appala Naidu Tentu ◽  
Ashutosh Saxena

Energies ◽  
2021 ◽  
Vol 14 (4) ◽  
pp. 887
Author(s):  
Xianliang Cheng ◽  
Suzhen Feng ◽  
Yanxuan Huang ◽  
Jinwen Wang

Peak-shaving is a very efficient and practical strategy for a day-ahead hydropower scheduling in power systems, usually aiming to appropriately schedule hourly (or in less time interval) power generations of individual plants so as to smooth the load curve while enforcing the energy production target of each plant. Nowadays, the power marketization and booming development of renewable energy resources are complicating the constraints and diversifying the objectives, bringing challenges for the peak-shaving method to be more flexible and efficient. Without a pre-set or fixed peak-shaving order of plants, this paper formulates a new peak-shaving model based on the mixed integer linear programming (MILP) to solve the scheduling problem in an optimization way. Compared with the traditional peak-shaving methods that need to determine the order of plants to peak-shave the load curve one by one, the present model has better flexibility as it can handle the plant-based operating zones and prioritize the constraints and objectives more easily. With application to six cascaded hydropower reservoirs on the Lancang River in China, the model is tested efficient and practical in engineering perspective.

