Finding Impossible Differentials in ARX Ciphers under Weak Keys

IACR Transactions on Symmetric Cryptology Pub Date : 2024-03-01 DOI:10.46586/tosc.v2024.i1.326-356

Qing Ling, Tingting Cui, Hongtao Hu, Sijia Gong, Zijun He, Jiali Huang, Jia Xiao

{"title":"Finding Impossible Differentials in ARX Ciphers under Weak Keys","authors":"Qing Ling, Tingting Cui, Hongtao Hu, Sijia Gong, Zijun He, Jiali Huang, Jia Xiao","doi":"10.46586/tosc.v2024.i1.326-356","DOIUrl":null,"url":null,"abstract":"Impossible differential cryptanalysis is very important in the field of symmetric ciphers. Currently, there are many automatic search approaches to find impossible differentials. However, these methods have two underlying assumptions: Markov cipher assumption and key independence assumption. Actually, these two assumptions are not true in ARX ciphers, especially lightweight ones. In this paper, we study the impossible differentials in ARX cipher under weak keys for the first time. Firstly, we propose several accurate difference propagation properties on consecutive two and three modular additions. Then, these properties are applied to four typical local constructions composed of two consecutive modular additions, two modular additions with a rotation operation, xoring secret key or constant in the middle, to find impossible differentials under weak keys or special constants. What’s more, we propose a more accurate difference propagation property on three consecutive modular additions. It can be used to find impossible differentials on more complex local constructions under weak keys or special constants. In practical ciphers, these impossible differentials on local constructions can be used to find contradictions. Lastly, combining our new findings with traditional automatic search methods for impossible differentials, we propose a framework to find impossible differentials in ARX ciphers under weak keys. As applications, we apply the framework to SPECK-32/64, LEA and CHAM-64/128. As a result, we find two 8-round impossible differentials for SPECK-32/64 under 260 weak keys, and one 11-round impossible differential for LEA under 2k−1 weak keys, where k is the key size. These impossible differentials can start from any round. Furthermore, we find two 22-round impossible differentials for CHAM-64/128 under 2127 weak keys starting from certain rounds. As far as we know, all these impossible differentials are longer than previous ones.","PeriodicalId":502677,"journal":{"name":"IACR Transactions on Symmetric Cryptology","volume":"88 21","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IACR Transactions on Symmetric Cryptology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.46586/tosc.v2024.i1.326-356","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Impossible differential cryptanalysis is very important in the field of symmetric ciphers. Currently, there are many automatic search approaches to find impossible differentials. However, these methods have two underlying assumptions: Markov cipher assumption and key independence assumption. Actually, these two assumptions are not true in ARX ciphers, especially lightweight ones. In this paper, we study the impossible differentials in ARX cipher under weak keys for the first time. Firstly, we propose several accurate difference propagation properties on consecutive two and three modular additions. Then, these properties are applied to four typical local constructions composed of two consecutive modular additions, two modular additions with a rotation operation, xoring secret key or constant in the middle, to find impossible differentials under weak keys or special constants. What’s more, we propose a more accurate difference propagation property on three consecutive modular additions. It can be used to find impossible differentials on more complex local constructions under weak keys or special constants. In practical ciphers, these impossible differentials on local constructions can be used to find contradictions. Lastly, combining our new findings with traditional automatic search methods for impossible differentials, we propose a framework to find impossible differentials in ARX ciphers under weak keys. As applications, we apply the framework to SPECK-32/64, LEA and CHAM-64/128. As a result, we find two 8-round impossible differentials for SPECK-32/64 under 260 weak keys, and one 11-round impossible differential for LEA under 2k−1 weak keys, where k is the key size. These impossible differentials can start from any round. Furthermore, we find two 22-round impossible differentials for CHAM-64/128 under 2127 weak keys starting from certain rounds. As far as we know, all these impossible differentials are longer than previous ones.

查看原文本刊更多论文

寻找弱密钥下 ARX 密码中的不可能差分

不可能差分密码分析在对称密码领域非常重要。目前，有许多自动搜索方法可以找到不可能差分。然而，这些方法有两个基本假设：马尔可夫密码假设和密钥独立性假设。实际上，这两个假设在 ARX 密码中并不成立，尤其是轻量级密码。本文首次研究了弱密钥下 ARX 密码中的不可能差分。首先，我们提出了几个关于连续二和三模块加法的精确差分传播特性。然后，将这些性质应用于由两个连续的模块加法、带有旋转操作的两个模块加法、Xoring 密钥或中间常数组成的四种典型局部结构，从而发现弱密钥或特殊常数下的不可能差分。此外，我们还提出了一种更精确的关于三个连续模块加法的差分传播特性。在弱密钥或特殊常量下，它可以用来找到更复杂的局部结构的不可能差分。在实际密码中，这些局部构造上的不可能差分可以用来发现矛盾。最后，结合我们的新发现和传统的不可能差分自动搜索方法，我们提出了一个在弱密钥下查找 ARX 密码中不可能差分的框架。作为应用，我们将该框架应用于 SPECK-32/64、LEA 和 CHAM-64/128。结果，我们发现 SPECK-32/64 在 260 个弱密钥下有两个 8 轮不可能差分，LEA 在 2k-1 个弱密钥下有一个 11 轮不可能差分，其中 k 是密钥大小。这些不可能差分可以从任何一轮开始。此外，我们还发现了 CHAM-64/128 在 2127 个弱密钥条件下的两个 22 轮不可能差分，它们都是从某些轮次开始的。据我们所知，所有这些不可能差分都比之前的差分更长。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IACR Transactions on Symmetric Cryptology

自引率

0.00%

发文量