Refined Probability of Differential Characteristics Including Dependency Between Multiple Rounds

Abstract: This paper studies the probability of differential characteristics for an unkeyed (or fixed-key) construction. Most notably, it focuses on the gap between two probabilities of a differential characteristic: the probability under the independent S-box assumption, $p_{ind}$, and the exact probability, $p_{exact}$. It turns out that $p_{exact}$ is larger than $p_{ind}$ in a Feistel network with some S-box-based inner functions. The mechanism behind this gap is then analyzed theoretically. The gap arises from the interaction of S-boxes across three rounds, and it depends on the size and choice of the S-box. In particular, the gap can never be zero when the S-box is bigger than six bits. To demonstrate the power of this refinement, a related-key differential characteristic is proposed against the lightweight block cipher RoadRunneR. For the 128-bit key version, $p_{ind} = 2^{-48}$ is improved to $p_{exact} = 2^{-43}$. For the 80-bit key version, $p_{ind} = 2^{-68}$ is improved to $p_{exact} = 2^{-62}$. The analysis is further extended to an SPN with an almost-MDS binary matrix, the core primitive of the authenticated encryption scheme Minalpher: $p_{ind} = 2^{-128}$ is improved to $p_{exact} = 2^{-96}$, which allows the attack to be extended by two rounds.
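The following is an added example, not code from the paper, that makes the gap described in the abstract concrete on a toy cipher. It assumes a Feistel network with 4-bit branches whose round function is F(x) = S(x XOR k_i) using the PRESENT S-box, with the fixed round keys 3, 7, 0xB chosen arbitrarily (the paper's setting is unkeyed or fixed-key). It computes $p_{ind}$ as the product of DDT entries of the active S-boxes, computes $p_{exact}$ by enumerating all 256 plaintext pairs with the given input difference, and then searches every 3-round characteristic for the one where $p_{exact}$ exceeds $p_{ind}$ the most. The two probabilities provably coincide for one and two rounds (the second-round S-box input is uniform given the first-round input), so any gap first appears at three rounds, which is the mechanism the abstract points to.

```python
"""Toy Feistel: independent-S-box probability p_ind vs exact probability p_exact.

Added example; the parameters below are assumptions, not values from the paper.
"""
from fractions import Fraction
from itertools import product

N = 4                      # branch width in bits (assumed)
# PRESENT S-box, used here only as a well-known 4-bit S-box (assumption)
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
KEYS = [0x3, 0x7, 0xB]     # fixed round keys (assumed, arbitrary)


def ddt():
    """Difference distribution table: DDT[din][dout] = #{x : S(x) ^ S(x ^ din) = dout}."""
    t = [[0] * (1 << N) for _ in range(1 << N)]
    for x in range(1 << N):
        for din in range(1 << N):
            t[din][SBOX[x] ^ SBOX[x ^ din]] += 1
    return t


DDT = ddt()


def feistel_trail(l, r, keys):
    """Encrypt (l, r) and return the state after every round (no final swap)."""
    states = []
    for k in keys:
        l, r = r, l ^ SBOX[r ^ k]
        states.append((l, r))
    return states


def p_ind(char):
    """Independent-S-box probability of a characteristic.

    char is a list of state differences (dL_i, dR_i), i = 0..rounds. In round i+1
    the S-box input difference is dR_i and its output difference is dL_i ^ dR_{i+1}.
    """
    p = Fraction(1)
    for (dl, dr), (dl_next, dr_next) in zip(char, char[1:]):
        assert dl_next == dr, "left half must equal previous right half (Feistel swap)"
        p *= Fraction(DDT[dr][dl ^ dr_next], 1 << N)
    return p


def p_exact(char, keys):
    """Exact probability: fraction of plaintexts whose pair follows every round of char."""
    dl0, dr0 = char[0]
    hits = 0
    for l, r in product(range(1 << N), repeat=2):
        s1 = feistel_trail(l, r, keys)
        s2 = feistel_trail(l ^ dl0, r ^ dr0, keys)
        if all((a ^ c, b ^ d) == want
               for (a, b), (c, d), want in zip(s1, s2, char[1:])):
            hits += 1
    return Fraction(hits, 1 << (2 * N))


def characteristic_table(dl0, dr0, keys):
    """Exact probability of every characteristic starting at (dl0, dr0), in one pass."""
    counts = {}
    for l, r in product(range(1 << N), repeat=2):
        s1 = feistel_trail(l, r, keys)
        s2 = feistel_trail(l ^ dl0, r ^ dr0, keys)
        trail = tuple((a ^ c, b ^ d) for (a, b), (c, d) in zip(s1, s2))
        counts[trail] = counts.get(trail, 0) + 1
    return {((dl0, dr0),) + t: Fraction(n, 1 << (2 * N)) for t, n in counts.items()}


def largest_gap(keys):
    """Return (p_exact - p_ind, characteristic, p_exact) maximising the gap over all
    nonzero input differences and all characteristics of len(keys) rounds."""
    best = None
    for dl0, dr0 in product(range(1 << N), repeat=2):
        if dl0 == 0 and dr0 == 0:
            continue
        for char, pe in characteristic_table(dl0, dr0, keys).items():
            gap = pe - p_ind(char)
            if best is None or gap > best[0]:
                best = (gap, char, pe)
    return best


if __name__ == "__main__":
    gap, char, pe = largest_gap(KEYS)
    print("characteristic:", [(hex(a), hex(b)) for a, b in char])
    print("p_ind  =", p_ind(char))
    print("p_exact=", pe)
    print("gap    =", gap)
```

Because DDT entries of a 4-bit S-box can be 2, a three-round $p_{ind}$ can equal $2^{-9}$ while $p_{exact}$ is always a multiple of $2^{-8}$, so for such a prefix the gaps over the last-round output difference sum to zero but cannot all vanish; the search therefore always finds a characteristic with $p_{exact} > p_{ind}$, which is the effect the paper exploits at full scale.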
Document type:
Journal article
IACR Transactions on Symmetric Cryptology, Ruhr Universität Bochum, 2017, 2017 (2), pp.203--227. 〈10.13154/tosc.v2017.i2.203-227〉
Cited literature: 35 references

https://hal.inria.fr/hal-01649954
Contributor: Anne Canteaut
Submitted on: Tuesday, 28 November 2017 - 09:40:23
Last modified on: Thursday, 26 April 2018 - 10:27:54

File: tosc.pdf (files produced by the author(s))

Citation

Anne Canteaut, Eran Lambooij, Samuel Neves, Shahram Rasoolzadeh, Yu Sasaki, et al.. Refined Probability of Differential Characteristics Including Dependency Between Multiple Rounds. IACR Transactions on Symmetric Cryptology, Ruhr Universität Bochum, 2017, 2017 (2), pp.203--227. 〈10.13154/tosc.v2017.i2.203-227〉. 〈hal-01649954〉
