Shortcut Cryptanalysis of Symmetric Block Ciphers (Focusing on Differential and Impossible-Differential Cryptanalysis of ARX Ciphers)
Azimi, Arash | 2023
- Type of Document: Ph.D. Dissertation
- Language: Farsi
- Document No: 56230 (05)
- University: Sharif University of Technology
- Department: Electrical Engineering
- Advisor(s): Salmasizadeh, Mahmoud; Mohajeri, Javad; Aref, Mohammad Reza
- Abstract:
- In this thesis, we analyze the security of symmetric block ciphers using shortcut cryptanalysis, mainly focusing on differential and impossible-differential cryptanalysis. The contributions of this thesis are twofold. First, we evaluate the security of 4 notable block ciphers, TEA, XTEA, Midori, and HIGHT, using ad-hoc impossible-differential cryptanalysis in single-key settings. For each cipher, we introduce new single-key impossible differentials, which are then used in the cryptanalysis. The results show that, for all of these block ciphers, we are able to analyze longer reduced-round versions than any previously mounted single-key impossible-differential cryptanalysis. The second and main part of our research focuses on providing generic and automated methods for differential and impossible-differential cryptanalysis. To this end, we choose ARX ciphers, an important class of symmetric-key algorithms constructed from Addition, Rotation, and XOR. To evaluate the resistance of an ARX cipher against differential and impossible-differential cryptanalysis, recent automated methods employ constraint satisfaction solvers to search for optimal characteristics or impossible differentials. The main difficulty in formulating this search is finding differential models of the non-linear operations. While an efficient bit-vector differential model was obtained for modular addition with two variable inputs, no differential model for modular addition by a constant has been proposed so far, which prevents ARX ciphers that include this operation from being evaluated with automated methods. To solve this open problem, we present the first bit-vector differential model for $n$-bit modular addition by a constant input. Our model contains $O(\log_2(n))$ basic bit-vector constraints and describes the binary logarithm of the differential probability.
We describe an SMT-based automated method that includes our model to search for differential characteristics of ARX ciphers including constant additions. We also introduce a new automated method for obtaining impossible differentials in which we do not search over a small pre-defined set of differences, such as low-weight differences, but let the SMT solver search through the space of differences. Moreover, we implement both methods in our open-source tool ArxPy to find characteristics and impossible differentials of ARX ciphers with constant additions in a fully automated way. As examples, we provide related-key impossible differentials and differential characteristics of TEA, XTEA, HIGHT, LEA, SHACAL-1, and SHACAL-2, which achieve better results than previous works.
- Keywords:
- Impossible Differential Cryptanalysis ; Differential Cryptanalysis ; Automated Tool ; Automated Cryptanalysis ; Symmetric Ciphers ; ARX Ciphers ; Constant Addition
- Contents:
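- Introduction
- Introduction to Block Ciphers and Shortcut Cryptanalysis
- Impossible-Differential Cryptanalysis of Several Notable Block Ciphers
- Differential Model of Modular Addition with a Constant Input
- Automated Search for Differential Characteristics and Impossible Differentials of ARX Ciphers
- Conclusion and Suggestions for Future Research
- References
- Glossary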