New Methods for Bounding the Length of Impossible Differentials of SPN Block Ciphers

How to evaluate the security of Substitution-Permutation Network (SPN) block ciphers against impossible differential (ID) cryptanalysis is a valuable problem. In this paper, a series of methods for bounding the length of IDs of SPN block ciphers are proposed. Firstly, we propose the definitions of m...

Bibliographic details
Published in: IEEE transactions on information theory 2024-12, Vol.70 (12), p.9165-9178
Main authors: Wang, Senpeng, Feng, Dengguo, Shi, Tairong, Hu, Bin, Guan, Jie, Zhang, Kai, Cui, Ting
Format: Article
Language: eng
container_end_page 9178
container_issue 12
container_start_page 9165
container_title IEEE transactions on information theory
container_volume 70
creator Wang, Senpeng
Feng, Dengguo
Shi, Tairong
Hu, Bin
Guan, Jie
Zhang, Kai
Cui, Ting
description How to evaluate the security of Substitution-Permutation Network (SPN) block ciphers against impossible differential (ID) cryptanalysis is a valuable problem. In this paper, a series of methods for bounding the length of IDs of SPN block ciphers are proposed. Firstly, we propose the definitions of minimal representative set and partition table. Therefore, an improved partition-first implementation strategy for bounding the length of IDs is given. Secondly, we introduce a new definition of ladder and propose the ladder-first implementation strategy for bounding the length of IDs. In order to be able to apply ladder-first implementation strategy in practice, the methods for determining ladders and integrating a ladder into searching models are given. Thirdly, a heuristic algorithm called dynamic-ladder-partition implementation strategy is proposed. According to our experimental results, dynamic-ladder-partition implementation strategy is more suitable for SPN ciphers whose number of elements in partition tables is little. Fourthly, rotation-equivalence ID sets of ciphers are explored to reduce the number of models that need to be considered. As applications, we show that 9-round PRESENT, 5-round AES, 6-round Rijndael-160, 7-round Rijndael-192, 7-round Rijndael-224 and 7-round Rijndael-256 do not have any ID under the sole assumption that the round keys are uniformly random. What's more, we obtain that 8-round GIFT-64, 12-round GIFT-128 and 14-round SKINNY-128 do not have any ID under the assumptions that GIFT and SKINNY are Markov ciphers and the round keys are uniformly random. Our methods fill crucial gaps on bounding the length of IDs with the differential properties of S-boxes considered. They enhance our confidence in the security and are valuable, especially for designers.
doi_str_mv 10.1109/TIT.2024.3473940
format Article
fulltext fulltext_linktorsrc
identifier ISSN: 0018-9448
ispartof IEEE transactions on information theory, 2024-12, Vol.70 (12), p.9165-9178
issn 0018-9448
1557-9654
language eng
recordid cdi_ieee_primary_10706887
source IEEE Electronic Library (IEL)
subjects Accuracy
AES
Ciphers
Complexity theory
GIFT
Heuristic algorithms
Impossible differential
Indexes
PRESENT
Rijndael
Security
SKINNY
Sun
Time complexity
Upper bound
Vectors
title New Methods for Bounding the Length of Impossible Differentials of SPN Block Ciphers
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-05T16%3A52%3A10IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-crossref_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=New%20Methods%20for%20Bounding%20the%20Length%20of%20Impossible%20Differentials%20of%20SPN%20Block%20Ciphers&rft.jtitle=IEEE%20transactions%20on%20information%20theory&rft.au=Wang,%20Senpeng&rft.date=2024-12&rft.volume=70&rft.issue=12&rft.spage=9165&rft.epage=9178&rft.pages=9165-9178&rft.issn=0018-9448&rft.eissn=1557-9654&rft.coden=IETTAW&rft_id=info:doi/10.1109/TIT.2024.3473940&rft_dat=%3Ccrossref_RIE%3E10_1109_TIT_2024_3473940%3C/crossref_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=10706887&rfr_iscdi=true