Differential and Linear Cryptanalysis Using Mixed-Integer Linear Programming | SpringerLink
Skip to main content
Springer Nature Link
Log in

Differential and Linear Cryptanalysis Using Mixed-Integer Linear Programming

  • Conference paper
Information Security and Cryptology (Inscrypt 2011)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7537))

Included in the following conference series:

Abstract

Differential and linear cryptanalysis are two of the most powerful techniques to analyze symmetric-key primitives. For modern ciphers, resistance against these attacks is therefore a mandatory design criterion. In this paper, we propose a novel technique to prove security bounds against both differential and linear cryptanalysis. We use mixed-integer linear programming (MILP), a method that is frequently used in business and economics to solve optimization problems. Our technique significantly reduces the workload of designers and cryptanalysts, because it only involves writing out simple equations that are input into an MILP solver. As very little programming is required, both the time spent on cryptanalysis and the possibility of human errors are greatly reduced. Our method is used to analyze Enocoro-128v2, a stream cipher that consists of 96 rounds. We prove that 38 rounds are sufficient for security against differential cryptanalysis, and 61 rounds for security against linear cryptanalysis. We also illustrate our technique by calculating the number of active S-boxes for AES.

This work was supported in part by the Research Council K.U.Leuven: GOA TENSE, the IAP Program P6/26 BCRYPT of the Belgian State (Belgian Science Policy), and in part by the European Commission through the ICT program under contract ICT-2007-216676 ECRYPT II, and is funded by the National Natural Science Foundation of China (No. 61073150).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 5719
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
JPY 7149
Price includes VAT (Japan)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. J. Cryptology 4(1), 3–72 (1991)

    Article  MathSciNet  MATH  Google Scholar 

  2. Biryukov, A., Gong, G., Stinson, D.R. (eds.): SAC 2010. LNCS, vol. 6544. Springer, Heidelberg (2011)

    MATH  Google Scholar 

  3. Biryukov, A., Nikolić, I.: Search for Related-Key Differential Characteristics in DES-Like Ciphers. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 18–34. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  4. Bodganov, A.: Personal Communication (2011)

    Google Scholar 

  5. Bogdanov, A.: Analysis and Design of Block Cipher Constructions. Ph.D. thesis, Ruhr University Bochum (2009)

    Google Scholar 

  6. Bogdanov, A.: On unbalanced Feistel networks with contracting MDS diffusion. Des. Codes Cryptography 59(1-3), 35–58 (2011)

    Article  MathSciNet  MATH  Google Scholar 

  7. Borghoff, J., Knudsen, L.R., Stolpe, M.: Bivium as a Mixed-Integer Linear Programming Problem. In: Parker, M.G. (ed.) Cryptography and Coding 2009. LNCS, vol. 5921, pp. 133–152. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  8. Bouillaguet, C., Fouque, P.A., Leurent, G.: Security Analysis of SIMD. In: Biryukov, et al. (eds.) [2], pp. 351–368

    Google Scholar 

  9. McDonald, C., Charnes, C., Pieprzyk, J.: An Algebraic Analysis of Trivium Ciphers based on the Boolean Satisfiability Problem. Cryptology ePrint Archive, Report 2007/129 (2007), http://eprint.iacr.org/

  10. Daemen, J., Clapp, C.S.K.: Fast Hashing and Stream Encryption with PANAMA. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, pp. 60–74. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  11. Daemen, J., Govaerts, R., Vandewalle, J.: Resynchronization Weaknesses in Synchronous Stream Ciphers. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 159–167. Springer, Heidelberg (1994)

    Chapter  Google Scholar 

  12. Daemen, J., Rijmen, V.: The Wide Trail Design Strategy. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 222–238. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  13. Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer (2002)

    Google Scholar 

  14. Hell, M., Johansson, T.: Security Evaluation of Stream Cipher Enocoro-128v2. CRYPTREC Technical Report (2010)

    Google Scholar 

  15. Muto, K., Watanabe, D., Kaneko, T.: Strength evaluation of Enocoro-128 against LDA and its Improvement. In: Symposium on Cryptography and Information Security, pp. 4A1–1 (2008) (in Japanese)

    Google Scholar 

  16. Kanda, M.: Practical Security Evaluation against Differential and Linear Cryptanalyses for Feistel Ciphers with SPN Round Function. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 324–338. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  17. Okamoto, K., Muto, K., Kaneko, T.: Security evaluation of Pseudorandom Number Generator Enocoro-80 against Differential/Linear Cryptanalysis (II). In: Symposium on Cryptography and Information Security, pp. 20–23 (2009) (in Japanese)

    Google Scholar 

  18. Konosu, K., Muto, K., Furuichi, H., Watanabe, D., Kaneko, T.: Security evaluation of Enocoro-128 ver.1.1 against resynchronization attack. IEICE Technical Report, ISEC2007-147 (2008) (in Japanese)

    Google Scholar 

  19. Matsui, M.: Linear Cryptanalysis Method for DES Cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)

    Chapter  Google Scholar 

  20. Matsui, M.: On Correlation between the Order of S-Boxes and the Strength of DES. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 366–375. Springer, Heidelberg (1995)

    Chapter  Google Scholar 

  21. Muto, K., Watanabe, D., Kaneko, T.: Security evaluation of Enocoro-80 against linear resynchronization attack. In: Symposium on Cryptography and Information Security (2008) (in Japanese)

    Google Scholar 

  22. Raddum, H.: Cryptanalytic Results on Trivium. eSTREAM report 2006/039 (2006), http://www.ecrypt.eu.org/stream/triviump3.html

  23. Schrage, L.: Optimization Modeling with LINGO. Lindo Systems (1999), http://www.lindo.com

  24. Shibutani, K.: On the Diffusion of Generalized Feistel Structures Regarding Differential and Linear Cryptanalysis. In: Biryukov, et al. (eds.) [2], pp. 211–228

    Google Scholar 

  25. Watanabe, D., Kaneko, T.: A construction of light weight Panama-like keystream generator. IEICE Technical Report, ISEC2007-78 (2007) (in Japanese)

    Google Scholar 

  26. Watanabe, D., Okamoto, K., Kaneko, T.: A Hardware-Oriented Light Weight Pseudo-Random Number Generator Enocoro-128v2. In: The Symposium on Cryptography and Information Security, pp. 3D1–3 (2010) (in Japanese)

    Google Scholar 

  27. Watanabe, D., Owada, T., Okamoto, K., Igarashi, Y., Kaneko, T.: Update on Enocoro Stream Cipher. In: ISITA, pp. 778–783. IEEE (2010)

    Google Scholar 

  28. Wu, S., Wang, M.: Security evaluation against differential cryptanalysis for block cipher structures. Cryptology ePrint Archive, Report 2011/551 (2011), http://eprint.iacr.org/

Download references

Author information

Authors and Affiliations

  1. Department of Electrical Engineering ESAT/SCD-COSIC, Katholieke Universiteit Leuven, Kasteelpark Arenberg 10, B-3001, Heverlee, Belgium

    Nicky Mouha, Qingju Wang & Bart Preneel

  2. Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China

    Qingju Wang & Dawu Gu

  3. Interdisciplinary Institute for BroadBand Technology (IBBT), Belgium

    Nicky Mouha, Qingju Wang & Bart Preneel

Authors
  1. Nicky Mouha
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Qingju Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Dawu Gu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Bart Preneel
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Chinese Academy of Sciences, Institute of Information Engineering, 100190, Beijing, China

    Chuan-Kun Wu  & Dongdai Lin  & 

  2. Computer Science Department, Google Inc. and Columbia University, S.W. Mudd Building, NY 10027, New York, USA

    Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mouha, N., Wang, Q., Gu, D., Preneel, B. (2012). Differential and Linear Cryptanalysis Using Mixed-Integer Linear Programming. In: Wu, CK., Yung, M., Lin, D. (eds) Information Security and Cryptology. Inscrypt 2011. Lecture Notes in Computer Science, vol 7537. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34704-7_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-34704-7_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34703-0

  • Online ISBN: 978-3-642-34704-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics