Automatic search method for multiple differentials and its application on MANTIS
Author: | Ru Liu, Shiyao Chen, Meiqin Wang, Tingting Cui |
---|---|
Year of publication: | 2019 |
Subject: |
Key-recovery attack; Differential cryptanalysis; Theoretical computer science; General Computer Science; biology; Computer science; 020207 software engineering; Differential (mechanical device); 02 engineering and technology; biology.organism_classification; Margin (machine learning); Product (mathematics); 0202 electrical engineering, electronic engineering, information engineering; Mantis; Cluster analysis; Block cipher |
Source: | Science China Information Sciences. 62 |
ISSN: | 1869-1919 1674-733X |
Description: | Multiple differential cryptanalysis is one of the extensions of classic differential cryptanalysis. In this paper, we present a generic automatic search method for clustering multiple differentials on a target block cipher. Our search method has two steps. Firstly, the sets of input and output differences will be determined. With these sets, we get different multiple differentials. Then for each one of these multiple differentials, we enumerate and record all satisfied differential trails, which leads to a more accurate evaluation of the multiple differentials distinguisher. Among these different multiple differentials distinguishers, we can choose the best one for key recovery attack. We demonstrate our search method by applying it on the part of differentials of the block cipher MANTIS. As a result, we find a new 10-round multiple differentials distinguisher with probability $2^{-55.98}$ and an 11-round multiple differentials distinguisher with probability $2^{-63.71}$, which is the longest distinguisher for MANTIS so far as we know. This new 10-round distinguisher can lead to a better signal-to-noise ratio, so we derive an improved key recovery attack on MANTIS-6 with the complexity of about $2^{51.79}$ chosen-plaintext queries, $2^{51.91}$ encryptions and data-time product $2^{103.70}$, which is better than the previous best one with data-time product $2^{110.61}$. Aiming at exploring the gap between the performance of multiple differential attack and the security margin on MANTIS, we also use the 11-round distinguisher to derive a key recovery attack on MANTIS-7 with the complexity of about $2^{61.86}$ chosen-plaintext queries, $2^{102.92}$ encryptions and data-time product $2^{164.78}$. It does not threaten the security of full version MANTIS (MANTIS-7) since the security bound of data-time product claimed by the designers is $2^{126}$. |
Database: | OpenAIRE |
External link: |