Efficient MILP Modelings for Sboxes and Linear Layers of SPN ciphers
Published in | IACR Transactions on Symmetric Cryptology, Vol. 2020, no. 3, pp. 327-361 |
---|---|
Main Authors | Christina Boura, Daniel Coggia |
Format | Journal Article |
Language | English |
Published | Ruhr-Universität Bochum, 01.01.2020 |
Subjects | MILP, Impossible Differential, Sbox, Linear Layer |
Online Access | https://doi.org/10.13154/tosc.v2020.i3.327-361 |
Abstract | Mixed Integer Linear Programming (MILP) solvers are regularly used by designers for providing security arguments and by cryptanalysts for searching for new distinguishers. For both applications, bitwise models are more refined and permit to analyze properties of primitives more accurately than word-oriented models. Yet, they are much heavier than the latter. In this work, we first propose many new algorithms for efficiently modeling any subset of $\mathbb{F}_2^n$ with MILP inequalities. This permits, among others, to model differential or linear propagation through Sboxes. We manage notably to represent the differential behaviour of the AES Sbox with three times fewer inequalities than before. Then, we present two new algorithms inspired by coding theory to model complex linear layers without dummy variables. This permits us to represent many diffusion matrices, notably the ones of Skinny-128 and AES, in a much more compact way. To demonstrate the impact of our new models on the solving time we ran experiments for both Skinny-128 and AES. Finally, our new models allowed us to computationally prove that there are no impossible differentials for 5-round AES and 13-round Skinny-128 with exactly one input and one output active byte, even if the details of both the Sbox and the linear layer are taken into account. |
---|---|
Authors | 1. Christina Boura (Université de Versailles Saint-Quentin-en-Yvelines); 2. Daniel Coggia (Symmetric cryptology, code-based cryptology and quantum information) |
DOI | 10.13154/tosc.v2020.i3.327-361 |
ISSN | 2519-173X |
Keywords | MILP; Impossible Differential; Sbox; Linear Layer |
License | Distributed under a Creative Commons Attribution 4.0 International License: http://creativecommons.org/licenses/by/4.0 |
OpenAccessLink | https://doaj.org/article/bbe08365d69241159a6b463318fb7035 |
URI | https://inria.hal.science/hal-03046211 ; https://doaj.org/article/bbe08365d69241159a6b463318fb7035 |