A Security Analysis of Deoxys and its Internal Tweakable Block Ciphers

Author(s):  
Carlos Cid ◽  
Tao Huang ◽  
Thomas Peyrin ◽  
Yu Sasaki ◽  
Ling Song

In this article, we provide the first independent security analysis of Deoxys, a third-round authenticated encryption candidate of the CAESAR competition, and its internal tweakable block ciphers Deoxys-BC-256 and Deoxys-BC-384. We show that the related-tweakey differential bounds provided by the designers can be greatly improved thanks to a Mixed Integer Linear Programming (MILP) based search tool. In particular, we develop a new method to incorporate linear incompatibility in the MILP model. We use this tool to generate valid differential paths for reduced-round versions of Deoxys-BC-256 and Deoxys-BC-384, later combining them into broader boomerang or rectangle attacks. Here, we also develop a new MILP model which optimises the two paths by taking into account the effect of the ladder switch technique. Interestingly, with the tweak in Deoxys-BC providing extra input as opposed to a classical block cipher, we can even consider beyond-full-codebook attacks. As these primitives are based on the TWEAKEY framework, we further study how the security of the cipher is impacted when playing with the tweak/key sizes. All in all, we are able to attack 10 rounds of Deoxys-BC-256 (out of 14) and 13 rounds of Deoxys-BC-384 (out of 16). The extra rounds specified in Deoxys-BC to balance the tweak input (when compared to AES) seem to provide about the same security margin as AES-128. Finally, we analyse why the authenticated encryption modes of Deoxys mostly prevent our attacks on Deoxys-BC from applying to the authenticated encryption primitive.

2021 ◽  
Vol 2021 ◽  
pp. 1-9
Author(s):  
Xueying Qiu ◽  
Yongzhuang Wei ◽  
Samir Hodzic ◽  
Enes Pasalic

Integral cryptanalysis based on division property is a powerful cryptanalytic method whose range of successful applications was recently extended through the use of Mixed-Integer Linear Programming (MILP). Although this technique was demonstrated to be efficient in specifying distinguishers of reduced-round versions of several families of lightweight block ciphers (such as SIMON, PRESENT, and a few others), we show that this method provides distinguishers for the full-round block cipher SAT_Jo. The SAT_Jo cipher is very similar to the well-known PRESENT block cipher, which has successfully withstood the known cryptanalytic methods. The main difference compared to PRESENT, which turns out to induce severe weaknesses in the SAT_Jo algorithm, is its different choice of substitution boxes (S-boxes) and of the bit-permutation layer, made for the reasons of making the cipher highly resource-efficient. Even though the designers provided a security analysis of this scheme against some major generic cryptanalytic methods, an application of the bit-division property in combination with MILP was not considered. By specifying integral distinguishers for the full-round SAT_Jo algorithm using this method, we essentially disapprove its use in intended applications. Using a 30-round distinguisher, we also describe a subkey recovery attack on the SAT_Jo algorithm whose time complexity is about 2^66 encryptions (noting that SAT_Jo is designed to provide 80 bits of security). Moreover, it seems that the choice of bit-permutation induces weak division properties, since replacing the original bit-permutation of SAT_Jo by the one used in PRESENT immediately renders integral distinguishers inefficient.


2014 ◽  
Vol 18 (1) ◽  
pp. 68-74 ◽  
Author(s):  
Johanna C Gerdessen ◽  
Olga W Souverein ◽  
Pieter van ‘t Veer ◽  
Jeanne HM de Vries

Objective: To support the selection of food items for FFQs in such a way that the amount of information on all relevant nutrients is maximised while the food list is as short as possible.
Design: Selection of the most informative food items to be included in FFQs was modelled as a Mixed Integer Linear Programming (MILP) model. The methodology was demonstrated for an FFQ with interest in energy, total protein, total fat, saturated fat, monounsaturated fat, polyunsaturated fat, total carbohydrates, mono- and disaccharides, dietary fibre and potassium.
Results: The food lists generated by the MILP model have good performance in terms of length, coverage and R2 (explained variance) of all nutrients. MILP-generated food lists were 32–40 % shorter than a benchmark food list, whereas their quality in terms of R2 was similar to that of the benchmark.
Conclusions: The results suggest that the MILP model makes the selection process faster, more standardised and transparent, and is especially helpful in coping with multiple nutrients. The complexity of the method does not increase with increasing number of nutrients. The generated food lists appear either shorter or provide more information than a food list generated without the MILP model.


2014 ◽  
Vol 2014 ◽  
pp. 1-9 ◽  
Author(s):  
Maoyuan Feng ◽  
Pan Liu

This study proposes a mixed integer linear programming (MILP) model to optimize the spillway scheduling for reservoir flood control. Unlike the conventional reservoir operation model, the proposed MILP model specifies the spillway status (including the number of spillways to be opened and the degree to which each spillway is opened) instead of the reservoir release, since the release is actually controlled by using the spillways. A piecewise linear approximation is used to formulate the relationship between the reservoir storage and the water release for a spillway, which is open or closed with a status depicted by a binary variable. The control order and symmetry rules of spillways are described and incorporated into the constraints to meet practical demands. Thus, a MILP model is set up to minimize the maximum reservoir storage. The General Algebraic Modeling System (GAMS) and IBM ILOG CPLEX Optimization Studio (CPLEX) software are used to find the optimal solution for the proposed MILP model. China's Three Gorges Reservoir, which has 80 spillways of five types, is selected as the case study. It is shown that the proposed model decreases the flood risk compared with the conventional operation and makes the operation more practical by specifying the spillway status directly.


Author(s):  
Guozhen Liu ◽  
Mohona Ghosh ◽  
Ling Song

In CRYPTO’16, a new family of tweakable lightweight block ciphers - SKINNY - was introduced. Denoting the variants of SKINNY as SKINNY-n-t, where n represents the block size and t represents the tweakey length, the design specifies t ∈ {n, 2n, 3n}. In this work, we evaluate the security of SKINNY against differential cryptanalysis in the related-tweakey model. First, we investigate truncated related-tweakey differential trails of SKINNY and search for the longest impossible and rectangle distinguishers where there is only one active cell in the input and the output. Based on the distinguishers obtained, 19, 23 and 27 rounds of SKINNY-n-n, SKINNY-n-2n and SKINNY-n-3n can be attacked, respectively. Next, actual differential trails for SKINNY under the related-tweakey model are explored, and optimal differential trails of SKINNY-64 within a certain number of rounds are searched for with an indirect searching method based on Mixed-Integer Linear Programming. The results show a trend that, as the number of rounds increases, the probability of optimal differential trails is much lower than the probability derived from the lower bounds on active S-boxes in SKINNY.
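The Deoxys, SAT_Jo and SKINNY abstracts above all rest on the same building block: a MILP model whose binary variables are difference bits and S-box activity flags, whose objective is the number of active S-boxes, and whose constraints encode the S-box's DDT and the cipher's wiring. The example below is added for this page and is not code from any of the listed papers. It builds that bit-level model in CPLEX LP format for a constructed 16-bit toy SPN (four copies of the public PRESENT S-box joined by a scaled-down PRESENT-style bit permutation perm(i) = 4·i mod 15, perm(15) = 15; both the toy and the variable naming are assumptions of this example), and then, since no solver is assumed to be installed, cross-checks the model's answer with an exhaustive branch-and-bound search over the same toy. The search is run twice, once following every nonzero-to-nonzero S-box transition (what a model without DDT cuts can see) and once following only transitions with a nonzero DDT entry, which makes concrete the gap the SKINNY abstract reports between active-S-box lower bounds and actual trails, and the role the SAT_Jo abstract attributes to the S-box and bit-permutation choice.

```python
"""Bit-level MILP model for bounding active S-boxes, cross-checked by exhaustive search.

Added example for this page, not code from any of the papers listed.  Toy target
(constructed here, not a published cipher): a 16-bit SPN with four copies of the
PRESENT S-box and a PRESENT-style bit permutation perm(i) = 4*i mod 15, perm(15) = 15.
"""
from itertools import product

SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
NBOX = 4            # S-boxes per round
WIDTH = 4 * NBOX    # block size in bits


def perm(i):
    """Bit permutation of the toy cipher; S-box s output bit b lands in S-box b, bit s."""
    return 15 if i == 15 else (4 * i) % 15


def ddt(sbox):
    """Difference distribution table: ddt[din][dout] = #{x : S(x) ^ S(x ^ din) = dout}."""
    table = [[0] * len(sbox) for _ in sbox]
    for x in range(len(sbox)):
        for din in range(len(sbox)):
            table[din][sbox[x] ^ sbox[x ^ din]] += 1
    return table


DDT = ddt(SBOX)
TRANSITIONS = {a: [b for b in range(16) if DDT[a][b]] for a in range(1, 16)}
IMPOSSIBLE = [(a, b) for a in range(1, 16) for b in range(1, 16) if DDT[a][b] == 0]
# MASK[s][o]: state bits set when S-box s outputs difference o, after the permutation
MASK = [[sum(1 << perm(4 * s + b) for b in range(4) if (o >> b) & 1) for o in range(16)]
        for s in range(NBOX)]


def build_model(rounds):
    """Return (objective_vars, constraints) of the bit-level active-S-box MILP.

    x_r_i is difference bit i entering round r (r = 0..rounds); A_r_s is 1 iff S-box s
    of round r is active.  The permutation is wired in by naming: output bit i of the
    round-r S-box layer is x_{r+1}_{perm(i)}.  Constraints: activity <-> nonzero
    input, the bijective-S-box bounds, and one exclusion inequality per impossible
    DDT entry (the papers prune this set; the full set is kept here for clarity).
    Each constraint is (terms, sense, rhs) with terms a list of (coefficient, var).
    """
    obj, cons = [], []
    for r in range(rounds):
        for s in range(NBOX):
            act = f"A_{r}_{s}"
            obj.append(act)
            ins = [f"x_{r}_{4 * s + b}" for b in range(4)]
            outs = [f"x_{r + 1}_{perm(4 * s + b)}" for b in range(4)]
            cons += [([(1, v), (-1, act)], "<=", 0) for v in ins]          # x_i <= A
            cons.append(([(1, v) for v in ins] + [(-1, act)], ">=", 0))    # sum x >= A
            cons.append(([(4, v) for v in outs] + [(-1, v) for v in ins], ">=", 0))
            cons.append(([(4, v) for v in ins] + [(-1, v) for v in outs], ">=", 0))
            for a, b in IMPOSSIBLE:  # forbid the 8-bit point (a, b): sum of mismatches >= 1
                point = [(a >> i) & 1 for i in range(4)] + [(b >> i) & 1 for i in range(4)]
                terms = [(-1 if bit else 1, v) for bit, v in zip(point, ins + outs)]
                cons.append((terms, ">=", 1 - sum(point)))
    cons.append(([(1, f"x_0_{i}") for i in range(WIDTH)], ">=", 1))         # nonzero input
    return obj, cons


def to_lp(obj, cons):
    """Render the model in CPLEX LP format, readable by Gurobi, CPLEX and SCIP."""
    def lhs(terms):
        return " ".join(f"{'+' if c > 0 else '-'} {abs(c)} {v}" for c, v in terms)
    lines = ["Minimize", " obj: " + " + ".join(obj), "Subject To"]
    lines += [f" c{i}: {lhs(t)} {sense} {rhs}" for i, (t, sense, rhs) in enumerate(cons)]
    binaries = sorted({v for t, _, _ in cons for _, v in t})
    return "\n".join(lines + ["Binary", " " + " ".join(binaries), "End"]) + "\n"


def active(state):
    """Number of active S-boxes in a 16-bit state difference."""
    return sum(1 for s in range(NBOX) if (state >> (4 * s)) & 0xF)


def min_active(rounds, ddt_aware=True):
    """Exhaustive minimum number of active S-boxes over `rounds` rounds of the toy.

    ddt_aware=False follows any nonzero -> nonzero S-box transition (what the activity
    model without DDT cuts can see); ddt_aware=True follows only transitions with a
    nonzero DDT entry.  The result is what a correct solver run on the model returns.
    """
    dout = (lambda n: TRANSITIONS[n]) if ddt_aware else (lambda n: range(1, 16))
    best = [NBOX * rounds + 1]

    def dfs(state, depth, cost):
        if cost + (rounds - depth) >= best[0]:   # each remaining round costs >= 1
            return
        if depth == rounds:
            best[0] = cost
            return
        nibbles = [(state >> (4 * s)) & 0xF for s in range(NBOX)]
        for outs in product(*[dout(n) if n else (0,) for n in nibbles]):
            nxt = 0
            for s, o in enumerate(outs):
                nxt |= MASK[s][o]
            dfs(nxt, depth + 1, cost + active(nxt))

    for start in sorted(range(1, 1 << WIDTH), key=active):
        if active(start) + rounds - 1 >= best[0]:
            break
        dfs(start, 1, active(start))
    return best[0]


if __name__ == "__main__":
    obj, cons = build_model(3)
    print(f"3-round model: {len(obj)} activity vars, {len(cons)} constraints")
    for r in (1, 2, 3):
        print(f"{r} rounds: min active S-boxes = {min_active(r, ddt_aware=False)} "
              f"(activity model) vs {min_active(r)} (DDT-aware)")
```

Feeding `to_lp(*build_model(r))` to any LP-format solver gives the bound for r rounds; on the toy, `min_active(r)` is the value the solver must reproduce, which is the sanity check worth running before trusting a model at full block size. On this toy the two searches agree for one and two rounds (a weight-2 input difference can give a weight-1 output through the PRESENT S-box, so a single-bit chain survives two rounds) but diverge at three rounds, because the PRESENT S-box never maps a single-bit input difference to a single-bit output difference and the permutation spreads one S-box's output bits over distinct S-boxes.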


Author(s):  
L. Magatão ◽ 
L. V. R. Arruda ◽  
F. Neves

This paper addresses the problem of developing an optimization structure to aid operational decision-making in a real-world pipeline scenario. The pipeline connects an inland refinery to a harbor, conveying different types of products (gasoline, diesel, kerosene, alcohol, liquefied petroleum gas, jet fuel, etc.). The scheduling of activities has to be specified in advance by a specialist, who must provide low-cost operational procedures. The specialist has to take into account issues concerning product availability, tankage constraints, pumping sequencing, flow rate determination, and a series of operational requirements. Thus, the decision-making process is hard and error-prone due to the diversity of aspects to be considered. Nevertheless, the developed optimization structure can aid the specialist in solving the pipeline scheduling task with improved efficiency. Such an optimization structure has its core in a novel mathematical approach, which uses Constraint Logic Programming (CLP) and Mixed Integer Linear Programming (MILP) technologies in an integrated CLP-MILP model. In particular, the integration of CLP and MILP technologies has been recognized as an emerging discipline for achieving the best that CLP and MILP can contribute to solving scheduling problems [1]. The scheme used for integrating CLP and MILP is double modeling [1], and the combined CLP-MILP model is implemented and solved by using a commercial tool [2]. Illustrative instances demonstrate that the optimization structure is able to define new operational points for the pipeline system, providing significant cost savings.


2019 ◽  
Author(s):  
Lele Chen ◽  
Gaoli Wang ◽  
GuoYan Zhang

The rectangle attack is an extension of the traditional differential attack and evolved from the boomerang attack. It has been widely used to attack several existing ciphers. In this article, we study the security of the lightweight block ciphers GIFT, Khudra and MIBS against the related-key rectangle attack. We use Mixed-Integer Linear Programming-aided cryptanalysis to search for rectangle distinguishers, taking into account the effect of the ladder switch technique. For GIFT, we build a 19-round related-key rectangle distinguisher and attack 23-round GIFT-64, which requires 2^60 chosen plaintexts and 2^107 encryptions. For Khudra, a 14-round related-key rectangle distinguisher can be built, which leads us to a 17-round rectangle attack. Our attack on 17-round Khudra requires a data complexity of 2^62.9 chosen plaintexts and a time complexity of 2^73.9 encryptions. For MIBS, we construct a 13-round related-key rectangle distinguisher and propose an attack on 15-round MIBS-64 with time complexity 2^59 and data complexity 2^45. Compared to the previous best related-key rectangle attacks, we can attack one more round on Khudra and MIBS-64 than before.


2021 ◽  
Vol 2021 ◽  
pp. 1-12
Author(s):  
Heungseob Kim

This study deals with an aircraft-to-target assignment (ATA) problem considering the modern air operation environment, such as the strike package concept, multiple targets for a sortie, and the strike packages’ survivability. For the ATA problem, this study introduces a novel mathematical model in which a heterogeneous vehicle routing problem (HVRP) and a weapon-to-target assignment (WTA) problem are conceptually integrated. The HVRP generates the flight routes for strike packages because this study confirms that the survivability of a strike package depends on the path, and the WTA problem evaluates the likelihood of successful target destruction of assigned weapons. Although the first version of the model is developed as a mixed-integer nonlinear programming (MINLP) model, this study attempts to convert it to a mixed-integer linear programming (MILP) model using the logarithmic transformation and piecewise linear approximation methods. For an ATA problem, this activity could provide an opportunity to use the excellent existing algorithms for searching the optimal solution of LP models. To maximize the operational effectiveness, the MILP model simultaneously determines the following for each strike package: (a) composition type, (b) targets, (c) flight route, (d) types, and (e) quantity of weapons for each target.

