MILP Modeling for (Large) S-boxes to Optimize Probability of Differential Characteristics

Author(s):  
Ahmed Abdelkhalek ◽  
Yu Sasaki ◽  
Yosuke Todo ◽  
Mohamed Tolba ◽  
Amr M. Youssef

Current Mixed Integer Linear Programming (MILP)-based search against symmetric-key primitives with 8-bit S-boxes can only build a word-wise model to search for truncated differential characteristics. In such a model, the properties of the Differential Distribution Table (DDT) are not considered. To take these properties into account, a bit-wise model is necessary, which can be generated by the H-representation of the convex hull or by logical condition modeling. However, the complexity of both approaches becomes impractical when the size of the S-box exceeds 5 bits. In this paper, we propose a new modeling for large (8-bit or more) S-boxes. In particular, we first propose an algorithm to generate a bit-wise model of the DDT for large S-boxes. We observe that the problem of generating constraints in logical condition modeling can be converted into the problem of minimizing the product-of-sums form of a Boolean function, which is a well-studied problem. Hence, classical off-the-shelf solutions such as the Quine-McCluskey algorithm or the Espresso algorithm can be utilized, which makes building a bit-wise model for 8-bit or larger S-boxes practical. This model is then further extended to search for the best differential characteristic by considering the probability of each propagation in the DDT, which is a much harder problem than searching for a lower bound on the number of active S-boxes. Our idea is to separate the DDT into multiple tables, one for each probability, and to add conditional constraints that control the behavior of these tables. The proposed modeling is first applied to SKINNY-128 to show that there is no differential characteristic with probability higher than $2^{-128}$ for 14 rounds, while the designers originally expected that 15 rounds were required. We also applied the proposed modeling to two, arbitrarily selected, constructions among the seven AES round function based constructions proposed at FSE 2016, and managed to improve the lower bound on the number of active S-boxes for one construction and the upper bound on the differential characteristic probability for the other.
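The following is an added worked example of the two ideas in the abstract above, written for this page and not taken from the authors' code. It builds the DDT of an S-box, emits the logical-condition inequalities (one per impossible pattern), reduces them with a Quine-McCluskey combining pass followed by a greedy cover (a stand-in for the Espresso run the authors mention), and then separates the DDT into one table per probability with an indicator $Q_p$ per table, exactly as the conditional-constraint idea requires. The 4-bit PRESENT S-box, the packing of `din`/`dout` bits into MILP variables, and the brute-force feasibility check that replaces a real MILP solver call are all choices of this example; the construction itself does not depend on the S-box width.

```python
"""Bit-wise DDT constraints for an S-box: logical-condition modeling, a
Quine-McCluskey reduction (combine + greedy cover), and the separation of the
DDT into per-probability tables gated by indicator variables Q_p.
Added example, not the paper's code; 4-bit PRESENT S-box used so that all
2^8 (din, dout) points can be brute-force checked."""
from math import log2

SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
N = 4  # S-box width in bits (assumption of this example; construction is width-independent)

def ddt(sbox):
    """ddt[din][dout] = #{x : S(x) ^ S(x ^ din) = dout}."""
    size = len(sbox)
    table = [[0] * size for _ in range(size)]
    for x in range(size):
        for din in range(size):
            table[din][sbox[x] ^ sbox[x ^ din]] += 1
    return table

def point(din, dout, width=N):
    """Pack a transition: variables 0..width-1 are bits of din, the rest bits of dout."""
    return din | (dout << width)

def exclude_implicant(implicant, nvars):
    """Logical-condition modeling: one inequality violated exactly by the points
    matching (care mask, value) and satisfied by every other 0/1 point.
    Returned as (coeffs, const) meaning  sum(coeffs[i] * v[i]) + const >= 1."""
    care, val = implicant
    coeffs = [0 if not care >> i & 1 else (-1 if val >> i & 1 else 1) for i in range(nvars)]
    return coeffs, bin(val).count("1")

def satisfies(ineqs, pt):
    """MILP feasibility of one packed 0/1 point against a list of inequalities."""
    return all(sum(c * (pt >> i & 1) for i, c in enumerate(coeffs)) + const >= 1
               for coeffs, const in ineqs)

def quine_mccluskey(minterms, nvars):
    """QM combining (same care mask, values differing in one bit -> that bit becomes
    don't-care) until stable, then a greedy cover as an Espresso stand-in. Each
    pick covers >= 1 new minterm and every implicant lies inside the minterm
    set, so the exclusion stays exact with no more inequalities than minterms."""
    full = (1 << nvars) - 1
    current, primes = {(full, m) for m in minterms}, set()
    while current:
        merged, used = set(), set()
        for care, val in current:
            for bit in (1 << k for k in range(nvars)):
                if care & bit and (care, val ^ bit) in current:
                    merged.add((care & ~bit, val & ~bit))
                    used.update({(care, val), (care, val ^ bit)})
        primes |= current - used
        current = merged
    uncovered, chosen = set(minterms), []
    while uncovered:
        best = max(primes, key=lambda imp: sum((m & imp[0]) == imp[1] for m in uncovered))
        chosen.append(best)
        uncovered -= {m for m in uncovered if (m & best[0]) == best[1]}
    return chosen

def table_inequalities(ddt_table, select, minimize=True):
    """Inequalities cutting out every (din, dout) NOT accepted by `select`
    (select=lambda e: e > 0 gives the plain possible/impossible model)."""
    size = len(ddt_table)
    width = size.bit_length() - 1
    nvars = 2 * width
    excluded = [point(d, e, width) for d in range(size) for e in range(size)
                if not select(ddt_table[d][e])]
    implicants = (quine_mccluskey(excluded, nvars) if minimize
                  else [((1 << nvars) - 1, m) for m in excluded])
    return [exclude_implicant(imp, nvars) for imp in implicants]

def conditional_model(ddt_table):
    """Separate the DDT into one table per probability p with indicator Q_p.
    Each inequality of table p is read conditionally as  coeffs.v + const >= Q_p:
    the left side is always >= 0, so Q_p = 0 switches the row off and Q_p = 1
    forces the transition into table p. A solver then adds sum_p Q_p = 1 per
    active S-box and minimises sum_p (-log2 p) * Q_p over the characteristic."""
    size = len(ddt_table)
    probs = {ddt_table[d][e] / size for d in range(size) for e in range(size) if ddt_table[d][e]}
    return {p: table_inequalities(ddt_table, lambda e, p=p: e / size == p) for p in probs}

def feasible_probabilities(model, din, dout, width=N):
    """Brute-force semantics for one S-box: Q_p = 1 is feasible iff every
    inequality of table p holds at (din, dout)."""
    pt = point(din, dout, width)
    return {p for p, ineqs in model.items() if satisfies(ineqs, pt)}

def weight(model, din, dout, width=N):
    """Objective contribution -log2(p) of one transition, None if impossible."""
    feasible = feasible_probabilities(model, din, dout, width)
    return min(abs(log2(p)) for p in feasible) if feasible else None  # abs avoids -0.0

if __name__ == "__main__":
    table = ddt(SBOX)
    plain = table_inequalities(table, lambda e: e > 0, minimize=False)
    reduced = table_inequalities(table, lambda e: e > 0)
    print(f"possible/impossible model: {len(plain)} inequalities -> {len(reduced)} after reduction")
    model = conditional_model(table)
    for p in sorted(model, reverse=True):
        print(f"table p={p}: {len(model[p])} conditional inequalities, weight {abs(log2(p)):.0f}")
    print("weight(1 -> 9) =", weight(model, 1, 9), "; weight(1 -> 0) =", weight(model, 1, 0))
```

For an 8-bit S-box the same functions apply with `N = 8` and 16 variables per S-box; the brute-force checks then cover $2^{16}$ points, which is still cheap, and the inequalities produced are what one would hand to an MILP solver together with the linear-layer constraints and the $\sum_p Q_p$ bookkeeping sketched in `conditional_model`.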

2020 ◽  
Vol 63 (12) ◽  
pp. 1813-1825
Author(s):  
AmirHossein Ebrahimi Moghaddam ◽  
Zahra Ahmadian

In this paper, a new automatic search tool for truncated differential characteristics based on Mixed-Integer Linear Programming is presented. Our method models the problem of finding a maximal-probability truncated differential characteristic that is able to distinguish the cipher from a pseudo-random permutation. Using this method, we analyze the Midori64, SKINNY64/X and CRAFT block ciphers, and improve the existing results for all of them. In all cases, the truncated differential characteristic is much more efficient than the (upper bound of the) bit-wise differential characteristic proven by the designers, for any number of rounds. More specifically, the highest numbers of rounds for which an efficient differential characteristic can exist for Midori64, SKINNY64/X and CRAFT are 6, 7 and 10 rounds, respectively, for which differential characteristics with maximum probabilities of $2^{-60}$, $2^{-52}$ and $2^{-62.61}$ (may) exist. Using our new method, we introduce new truncated differential characteristics for these ciphers with respective probabilities $2^{-54}$, $2^{-4}$ and $2^{-24}$ at the same numbers of rounds. Moreover, the longest truncated differential characteristics found for SKINNY64/X and CRAFT have 10 and 12 rounds, respectively. This method can be used as a new tool for the differential analysis of SPN block ciphers.


Author(s):  
Siwei Sun ◽  
David Gerault ◽  
Pascal Lafourcade ◽  
Qianqian Yang ◽  
Yosuke Todo ◽  
...  

Searching for different types of distinguishers is a common task in symmetric-key cryptanalysis. In this work, we employ the constraint programming (CP) technique to tackle such problems. First, we show that a simple application of the CP approach proposed by Gerault et al. leads to the solution of the open problem of determining the exact lower bound on the number of active S-boxes for 6-round AES-128 in the related-key model. Subsequently, we show that the same approach can be applied to searching for integral distinguishers, impossible differentials and zero-correlation linear approximations, in both the single-key and related-(twea)key models. We implement the method using the open source constraint solver Choco and apply it to the block ciphers PRESENT, SKINNY, and HIGHT (an ARX construction). As a result, we find 16 related-tweakey impossible differentials for 12-round SKINNY-64-128, based on which we construct an 18-round attack on SKINNY-64-128 (one target version for the crypto competition https://sites.google.com/site/skinnycipher announced at ASK 2016). Moreover, we show that in some cases, when equipped with proper strategies (ordering heuristic, restart and dynamic branching strategy), the CP approach can be very efficient. Therefore, we suggest that the constraint programming technique should become a convenient tool in the hands of symmetric-key cryptanalysts.


2020 ◽  
Vol 17 (7) ◽  
pp. 639-654
Author(s):  
Dheeraj Kumar SHARMA ◽  
Rajoo PANDEY

This paper proposes two new constructions of balanced Boolean functions that achieve a new lower bound on nonlinearity together with high algebraic degree and optimal or highest algebraic immunity. The constructions use a representation of Boolean functions in terms of primitive elements. The Galois field  used in this representation is constructed from powers of a primitive element such that the greatest common divisor of the power and  is 1. The constructed balanced  variable Boolean functions achieve higher nonlinearity, algebraic degree of , and algebraic immunity of   for odd ,  for even . The nonlinearity of the Boolean functions obtained by the proposed constructions is better than that of the existing Boolean functions in the literature, without adversely affecting other properties such as balancedness, algebraic degree and algebraic immunity.


IEEE Access ◽  
2019 ◽  
Vol 7 ◽  
pp. 90145-90151 ◽  
Author(s):  
Yindong Chen ◽  
Liu Zhang ◽  
Jianlong Xu ◽  
Weihong Cai

2015 ◽  
Vol 13 (04) ◽  
pp. 1350059
Author(s):  
Loïck Magnin ◽  
Jérémie Roland

The polynomial method and the adversary method are the two main techniques for proving lower bounds on quantum query complexity, and they have so far been considered unrelated approaches. Here, we show an explicit reduction from the polynomial method to the multiplicative adversary method. The proof goes by extending the polynomial method from Boolean functions to quantum state generation problems. In the process, the bound is even strengthened. We then show that this extended polynomial method is a special case of the multiplicative adversary method with an adversary matrix that is independent of the function. This new result therefore provides insight into why, in some cases, the adversary method is stronger than the polynomial method. It also gives a clear picture of the relation between the different lower bound techniques, as it implies that all known techniques reduce to the multiplicative adversary method.

