http://dx.doi.org/10.13089/JKIISC.2021.31.5.875

MILP-Aided Division Property and Integral Attack on Lightweight Block Cipher PIPO  

Kim, Jeseong (Korea University)
Kim, Seonggyeom (Korea University)
Kim, Sunyeop (Korea University)
Hong, Deukjo (Chonbuk National University)
Sung, Jaechul (University of Seoul)
Hong, Seokhie (Korea University)
Abstract
In this paper, we search for integral distinguishers of the lightweight block cipher PIPO and propose a key recovery attack on 8-round PIPO-64/128 using the 6-round distinguishers obtained. PIPO, proposed at ICISC 2020, is designed to provide efficient implementation of high-order masking for side-channel attack resistance. In the proposal, various attacks such as differential and linear cryptanalysis were applied to show sufficient security strength. However, the designers left the integral attack to be conducted and only showed that PIPO is unlikely to have integral distinguishers longer than 5 rounds, without further analysis of the Division Property. In this paper, we search for integral distinguishers of PIPO using a MILP-aided Division Property search method. Our search shows that 6-round integral distinguishers exist, contrary to what the designers claim. We also consider linear operations on the input and output of the distinguisher, respectively, and obtain a total of 136 6-round integral distinguishers. Finally, we present a key recovery attack on 8-round PIPO-64/128 with time complexity $2^{124.5849}$ and memory complexity $2^{93}$, using four 6-round integral distinguishers among those obtained.
Keywords
Integral Attack; PIPO; Division Property; MILP Modeling; Linear combination