Strong and Tight Security Guarantees Against Integral Distinguishers

Hebborn, Phil; Lambin, Baptiste; Leander, Gregor; Todo, Yosuke

doi:10.1007/978-3-030-92062-3_13

Cited by 8 publications

(5 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…By counting monomial trails, they could ascertain whether a monomial from the plaintext or initialization vector (IV) appears in the cipher output polynomial. It was subsequently demonstrated that monomial prediction and the 3SDPwoU are equivalent in their application [20][21][22][23][24][25][26].…”

Section: Related Workmentioning

confidence: 99%

“…For instance, in the case of the 20th round, it is necessary to conjecture the following set of register values: 1,3,4,5,7,8,9,11,12,13,15,16,17,18,19,20,21,22,23,24,25,27,28,29 [16], reg 16 [17], reg 16 [18], reg 16 [19]) ⊕ reg 19 [2] reg 20 [6] = S(reg 16 [16], reg 16 [17], reg 16 [18], reg 16 [19]) ⊕ reg 19 [6] reg 20 [10] = S(reg 16 [16], reg 16 [17], reg 16 [18], reg 16 [19]) ⊕ reg 19 [10] reg 20 [14] = S(reg 16 [16], reg 16 [17], reg 16 [18], reg 16 [19]) ⊕ reg 19 [4] reg 20 [26] = S(reg 16…”

Section: Data Preparationmentioning

confidence: 99%

See 1 more Smart Citation

Integral Cryptanalysis of Reduced-Round IIoTBC-A and Full IIoTBC-B

Liu,

Sun,

Luo

et al. 2024

Mathematics

View full text Add to dashboard Cite

This paper delves into the realm of cryptographic analysis by employing mixed-integer linear programming (MILP), a powerful tool for automated cryptanalysis. Building on this foundation, we apply the division property method alongside MILP to conduct a comprehensive cryptanalysis of the IIoTBC (industrial Internet of Things block cipher) algorithm, a critical cipher in the security landscape of industrial IoT systems. Our investigation into IIoTBC System A has led to identifying a 14-round integral distinguisher, further extended to a 22-round key recovery. This significant finding underscores the cipher’s susceptibility to sophisticated cryptanalytic attacks and demonstrates the profound impact of combining the division property method with MILP in revealing hidden cipher weaknesses. In the case of IIoTBC System B, our innovative approach has uncovered a full-round distinguisher. We provide theoretical validation for this distinguisher and uncover a pivotal structural issue in the System B algorithm, specifically the non-diffusion of its third branch. This discovery sheds light on inherent security challenges within System B and points to areas for potential enhancement in its design. Our research, through its methodical examination and analysis of the IIoTBC algorithm, contributes substantially to the field of cryptographic security, especially concerning industrial IoT applications. By uncovering and analyzing the vulnerabilities within IIoTBC, we enhance the understanding of cipher robustness and pave the way for advancements in securing industrial IoT communications.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Data Preparationmentioning

confidence: 99%

Integral Cryptanalysis of Reduced-Round IIoTBC-A and Full IIoTBC-B

Liu,

Sun,

Luo

et al. 2024

Mathematics

View full text Add to dashboard Cite

show abstract

“…Proposition 25 [35] Let E : F n 2 × F κ 2 → F n 2 be a block cipher and I(E) be a corresponding integral-resistance matrix. If I(E) has rank n 2 and k 0 is an independent whitening key, E k (x + k 0 ) fulfills the integral-resistance property.…”

Section: Security Argumentsmentioning

confidence: 99%

Mathematical aspects of division property

2023

Self Cite

View full text Add to dashboard Cite

This work surveys mathematical aspects of division property, which is a state of the art technique in cryptanalysis of symmetric-key algorithms, such as authenticated encryption, block ciphers and stream ciphers. It aims to find integral distinguishers and cube attacks, which exploit weakness in the algebraic normal forms of the output coordinates of the involved vectorial Boolean functions. Division property can also be used to provide arguments for security of primitives against these attacks. The focus of this work is a formal presentation of the theory behind the division property, including rigorous proofs, which were often omitted in the existing literature. This survey covers the two major variants of division property, namely conventional and perfect division property. In addition, we explore relationships of the technique with classic degree bounds.

show abstract

“…Since the width of the datapath is so small, we are able to directly evaluate certain input sets. Hence, with the help of [HLLT20,HLLT21], we are able to show that all monomials of degree 23 are present in each linear combination of the output bits after a certain number of rounds. Moreover, we can show that sums of any selection of output bits are key dependent for any selection of input sets that are non-empty and not the full set.…”

Section: Algebraic Degree Of the Datapathmentioning

confidence: 99%

“…It is possible to pick any set and evaluate it. In [HLLT21], strong arguments against integral distinguishers are given. In essence, in the first step, for each output bit, one has to show that the superpolys associated with each high-degree term are linearly independent.…”

Section: Algebraic Degree Of the Datapathmentioning

confidence: 99%

BipBip: A Low-Latency Tweakable Block Cipher with Small Dimensions

Belkheyar

Daemen

Dobraunig

et al. 2022

TCHES

View full text Add to dashboard Cite

Recently, a memory safety concept called Cryptographic Capability Computing (C3) has been proposed. C3 is the first memory safety mechanism that works without requiring extra storage for metadata and hence, has the potential to significantly enhance the security of modern IT-systems at a rather low cost. To achieve this, C3 heavily relies on ultra-low-latency cryptographic primitives. However, the most crucial primitive required by C3 demands uncommon dimensions. To partially encrypt 64-bit pointers, a 24-bit tweakable block cipher with a 40-bit tweak is needed. The research on low-latency tweakable block ciphers with such small dimensions is not very mature. Therefore, designing such a cipher provides a great research challenge, which we take on with this paper. As a result, we present BipBip, a 24-bit tweakable block cipher with a 40-bit tweak that allows for ASIC implementations with a latency of 3 cycles at a 4.5 GHz clock frequency on a modern 10 nm CMOS technology.

show abstract

Strong and Tight Security Guarantees Against Integral Distinguishers

Cited by 8 publications

References 21 publications

Integral Cryptanalysis of Reduced-Round IIoTBC-A and Full IIoTBC-B

Integral Cryptanalysis of Reduced-Round IIoTBC-A and Full IIoTBC-B

Mathematical aspects of division property

BipBip: A Low-Latency Tweakable Block Cipher with Small Dimensions

Contact Info

Product

Resources

About