Boosting Differential-Linear Cryptanalysis of ChaCha7 with MILP
Authors
Abstract
In this paper, we present an improved differential-linear cryptanalysis of the ChaCha stream cipher. Our main contributions are new differential-linear distinguishers that we were able to build thanks to the following improvements: a) we considered a larger search space, including 2-bit differences (besides 1-bit differences) for the difference at the beginning of the differential part of the differential-linear trail; b) a better choice of mask between the differential and linear parts; c) a carefully crafted MILP tool that finds linear trails with higher correlation for the linear part. We eventually obtain a new distinguisher for ChaCha reduced to 7 rounds that requires 2^166.89 computations, improving the previous record (ASIACRYPT 2022) by a factor of 2^47. Also, we obtain a distinguisher for ChaCha reduced to 7.5 rounds that requires 2^251.4 computations, being the first time of a distinguisher against ChaCha reduced to 7.5 rounds. Using our MILP tool, we also found a 5-round differential-linear distinguisher. When combined with the probabilistic neutral bits (PNB) framework, we obtain a key-recovery attack on ChaCha reduced to 7 rounds with a computational complexity of 2^206.8, improving by a factor of 2^14.2 upon the recent result published at EUROCRYPT 2022.
Similar resources
Enhancing Differential-Linear Cryptanalysis
Differential cryptanalysis analyzes ciphers by studying the development of differences during encryption. Linear cryptanalysis is similar but is based on studying approximate linear relations. In 1994, Langford and Hellman showed that both kinds of analysis can be combined together by a technique called differential-linear cryptanalysis, in which the differential part creates a linear approxima...
Differential-Linear Cryptanalysis of Serpent
Serpent is a 128-bit SP-Network block cipher consisting of 32 rounds with variable key length (up to 256 bits long). It was selected as one of the 5 AES finalists. The best known attack so far is a linear attack on an 11-round reduced variant. In this paper we apply the enhanced differential-linear cryptanalysis to Serpent. The resulting attack is the best known attack on 11-round Serpent. It r...
Differential-Linear Cryptanalysis of ICEPOLE
ICEPOLE is a CAESAR candidate with the intermediate level of robustness under nonce misuse circumstances in the original document. In particular, it was claimed that key recovery attack against ICEPOLE is impossible in the case of nonce misuse. ICEPOLE is strong against the differential cryptanalysis and linear cryptanalysis. In this paper, we developed the differential-linear attacks against I...
Quantum Differential and Linear Cryptanalysis
Quantum computers, that may become available one day, will impact many scientific fields. Cryptography is certainly one of them since many asymmetric primitives would become insecure against an adversary with quantum capabilities. Cryptographers are already anticipating this threat by proposing and studying a number of potentially quantum-safe alternatives for those primitives. On the other han...
MILP-aided Cryptanalysis of Round Reduced ChaCha
The inclusion of ChaCha20 and Poly1305 into the list of supported ciphers in TLS 1.3 necessitates a security evaluation of those ciphers with all the state-of-the-art tools and innovative cryptanalysis methodologies. Mixed Integer Linear Programming (MILP) has been successfully applied to find more accurate characteristics of several ciphers such as SIMON and SPECK. In our research, we use MILP...
Journal
Journal title: IACR Transactions on Symmetric Cryptology
Year: 2023
ISSN: 2519-173X
DOI: https://doi.org/10.46586/tosc.v2023.i2.189-223