Improved Automatic Search Tool for Related-Key Differential Characteristics on Byte-Oriented Block Ciphers

• Published in: Information Security Vol. 10599; pp. 58 - 76
• Main Authors: Lin, Li, Wu, Wenling, Zheng, Yafei
• Format: Book Chapter
• Language: English
• Published: Switzerland Springer International Publishing AG 2017; Springer International Publishing
• Series: Lecture Notes in Computer Science
• Subjects: AES; Automatic search tool; Deoxys; Heuristic algorithm; Joltik; Midori; Related-key differential characteristics
• ISBN: 9783319696584; 3319696580
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-319-69659-1_4

The security of modern block ciphers against related-key attacks, especially the automatic search algorithm for the related-key differential characteristics, attaches a lot of academic attention in recent years. Many search algorithms have been proposed, including depth-first algorithm, breadth-first algorithm and mixed-integer linear programming algorithm. However, the algorithm with reasonable time and memory is still very ad hoc. In this paper, we propose a heuristic algorithm for automatic search for related-key truncated differential characteristics. The goal of our tool is to output a good characteristic within reasonable time and memory, so that it can be used to evaluate the resistance against related-key differential attacks. Our tool combines the precomputation phase of breadth-first algorithm and the depth-first algorithm. To demonstrate the usefulness of our approach, we apply our tool to AES, Deoxys, Joltik and Midori. For AES, we for the first time get a searching result of the best related-key differential characteristic on 10-round AES-128 using the truncated differential form directly. For Deoxys and Joltik, we get more results than the designers under the related-key related-tweak setting. For Midori, we get a two-round related-key cyclic characteristic with weight two, which means that Midori is weak under the related-key setting. We also give a way to calculate the complexity of depth-first algorithm, breadth-first algorithm and our heuristic algorithm, and this is meaningful for us to choose the proper parameters of the algorithm to make the search feasible.