Title: Parallel SAT framework to find clustering of differential characteristics and its applications
Authors: Kosei Sakamoto, Ryoma Ito, Takanori Isobe
Journal: Journal of Information Security and Applications, Volume 94, Article 104203
Publication date: 2025-09-06 (Journal Article)
DOI: 10.1016/j.jisa.2025.104203
URL: https://www.sciencedirect.com/science/article/pii/S2214212625002406
Parallel SAT framework to find clustering of differential characteristics and its applications
The most crucial but time-consuming task for differential cryptanalysis is to find a differential with a high probability. To tackle this task, we propose a new SAT-based automatic search framework developed to efficiently determine the differential with the highest probability under a specified condition. Conventional SAT-based methods have primarily aimed to accelerate the search for an optimal single differential characteristic or to evaluate the clustering effect for a specific input–output difference. However, methods tailored to the former purpose are often not optimized to evaluate the clustering effect. Meanwhile, methods developed for the latter purpose lack comprehensive search capabilities and, therefore, have difficulty identifying a differential with the highest probability. Our framework leverages a multi-threading technique to solve incremental SAT problems in parallel, offering the following advantages over previous methods: (1) speedy identification of the differential with the highest probability under the specified conditions; (2) efficient construction of the truncated differential with the highest probability from multiple obtained differentials; and (3) applicability to a wide class of symmetric-key primitives. To demonstrate the effectiveness of our framework, we apply it to various low-latency primitives, including block ciphers (PRINCE and PRINCEv2) and tweakable block ciphers (QARMA and QARMAv2). We have successfully determined the tight differential bounds for all variants of the target ciphers within a practical time, identifying the longest distinguisher for all the variants, excluding QARMAv2 under the related-tweak setting. Besides, we have uncovered significant differences in the behavior of differentials between PRINCE and QARMA, particularly concerning the clustering effect. Our findings shed light on new structural properties of these important primitives.
In the context of key recovery attacks, our framework allows the derivation of key-recovery-friendly truncated differentials for all variants of QARMA. Consequently, we report key recovery attacks based on (truncated) differential cryptanalysis on QARMA under the related-tweak setting for the first time, demonstrating that these key recovery attacks are competitive with existing attacks.
Journal description:
Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.