Accelerating the Search of Differential and Linear Characteristics with the SAT Method

The introduction of the automatic search boosts cryptanalysis symmetric-key primitives to some degree. However, performance is not always satisfactory for long trails or ciphers with large state sizes. Compared extensive attention on enhancement mixed integer linear programming (MILP) method, few works care acceleration Boolean satisfiability problem (SAT) modulo theories (SMT) method. This paper intends fill this vacancy. Firstly, additional encoding variables sequential counter circuit original objective function in standard SAT we put forward a new method convert Matsui’s bounding conditions into formulas. approach does rely auxiliary and significantly reduces consumption clauses integrating multiple one problem. Then, evaluate accelerating effect novel under different sets conditions. With observations experience tests, strategy how create that probably achieve extraordinary advances proposed. idea applied optimal differential characteristics ciphers. For PRESENT, GIFT-64, RECTANGLE, LBlock, TWINE, versions SIMON SPECK families block ciphers, obtain complete bounds (full rounds) number active S-boxes, probability, as well bias. also employed speed up related-key GIFT-64. Based newly identified 18-round distinguisher probability 2?58, launch 26-round key-recovery attack 260.96 chosen plaintexts. To our knowledge, longest Lastly, note result far from threatening security GIFT-64 since designers recommended users double rounds setting.