Improved Conditional Differential Analysis on NLFSR-Based Block Cipher KATAN32 with MILP
In this paper, a new method for constructing a Mixed Integer Linear Programming (MILP) model on conditional differential cryptanalysis of the nonlinear feedback shift register- (NLFSR-) based block ciphers is proposed, and an approach to detecting the bit with a strongly biased difference is provide...
Main Authors: | , , |
---|---|
Format: | Article |
Language: | English |
Published: |
Hindawi-Wiley
2020-01-01
|
Series: | Wireless Communications and Mobile Computing |
Online Access: | http://dx.doi.org/10.1155/2020/8883557 |
id |
doaj-ee838be5a6884e1ba0839d395307e6b4 |
---|---|
record_format |
Article |
spelling |
doaj-ee838be5a6884e1ba0839d395307e6b42020-12-07T09:08:24ZengHindawi-WileyWireless Communications and Mobile Computing1530-86691530-86772020-01-01202010.1155/2020/88835578883557Improved Conditional Differential Analysis on NLFSR-Based Block Cipher KATAN32 with MILPZhaohui Xing0Wenying Zhang1Guoyong Han2School of Information Science and Engineering, Shandong Normal University, Jinan 250014, ChinaSchool of Information Science and Engineering, Shandong Normal University, Jinan 250014, ChinaSchool of Management Engineering, Shandong Jianzhu University, Jinan 250101, ChinaIn this paper, a new method for constructing a Mixed Integer Linear Programming (MILP) model on conditional differential cryptanalysis of the nonlinear feedback shift register- (NLFSR-) based block ciphers is proposed, and an approach to detecting the bit with a strongly biased difference is provided. The model is successfully applied to the block cipher KATAN32 in the single-key scenario, resulting in practical key-recovery attacks covering more rounds than the previous. In particular, we present two distinguishers for 79 and 81 out of 254 rounds of KATAN32. Based on the 81-round distinguisher, we recover 11 equivalent key bits of 98-round KATAN32 and 13 equivalent key bits of 99-round KATAN32. The time complexity is less than 231 encryptions of 98-round KATAN32 and less than 233 encryptions of 99-round KATAN32, respectively. Thus far, our results are the best known practical key-recovery attacks for the round-reduced variants of KATAN32 regarding the number of rounds and the time complexity. All the results are verified experimentally.http://dx.doi.org/10.1155/2020/8883557 |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Zhaohui Xing Wenying Zhang Guoyong Han |
spellingShingle |
Zhaohui Xing Wenying Zhang Guoyong Han Improved Conditional Differential Analysis on NLFSR-Based Block Cipher KATAN32 with MILP Wireless Communications and Mobile Computing |
author_facet |
Zhaohui Xing Wenying Zhang Guoyong Han |
author_sort |
Zhaohui Xing |
title |
Improved Conditional Differential Analysis on NLFSR-Based Block Cipher KATAN32 with MILP |
title_short |
Improved Conditional Differential Analysis on NLFSR-Based Block Cipher KATAN32 with MILP |
title_full |
Improved Conditional Differential Analysis on NLFSR-Based Block Cipher KATAN32 with MILP |
title_fullStr |
Improved Conditional Differential Analysis on NLFSR-Based Block Cipher KATAN32 with MILP |
title_full_unstemmed |
Improved Conditional Differential Analysis on NLFSR-Based Block Cipher KATAN32 with MILP |
title_sort |
improved conditional differential analysis on nlfsr-based block cipher katan32 with milp |
publisher |
Hindawi-Wiley |
series |
Wireless Communications and Mobile Computing |
issn |
1530-8669 1530-8677 |
publishDate |
2020-01-01 |
description |
In this paper, a new method for constructing a Mixed Integer Linear Programming (MILP) model on conditional differential cryptanalysis of the nonlinear feedback shift register- (NLFSR-) based block ciphers is proposed, and an approach to detecting the bit with a strongly biased difference is provided. The model is successfully applied to the block cipher KATAN32 in the single-key scenario, resulting in practical key-recovery attacks covering more rounds than the previous. In particular, we present two distinguishers for 79 and 81 out of 254 rounds of KATAN32. Based on the 81-round distinguisher, we recover 11 equivalent key bits of 98-round KATAN32 and 13 equivalent key bits of 99-round KATAN32. The time complexity is less than 231 encryptions of 98-round KATAN32 and less than 233 encryptions of 99-round KATAN32, respectively. Thus far, our results are the best known practical key-recovery attacks for the round-reduced variants of KATAN32 regarding the number of rounds and the time complexity. All the results are verified experimentally. |
url |
http://dx.doi.org/10.1155/2020/8883557 |
work_keys_str_mv |
AT zhaohuixing improvedconditionaldifferentialanalysisonnlfsrbasedblockcipherkatan32withmilp AT wenyingzhang improvedconditionaldifferentialanalysisonnlfsrbasedblockcipherkatan32withmilp AT guoyonghan improvedconditionaldifferentialanalysisonnlfsrbasedblockcipherkatan32withmilp |
_version_ |
1715013435947745280 |