Finding the Impossible: Automated Search for Full Impossible-Differential, Zero-Correlation, and Integral Attacks

Impossible differential (ID), zero-correlation (ZC), and integral attacks are a family of important on block ciphers. For example, the impossible attack was first cryptanalytic 7 rounds AES. Evaluating security ciphers against these is very but also challenging: Finding usually implies combinatorial optimization problem involving many parameters constraints that hard to solve using manual approaches. Automated solvers, such as Constraint Programming (CP) can help cryptanalyst find suitable attacks. However, previous CP-based methods focus finding only ID, ZC, distinguishers, often in limited search space. Notably, none be extended unified for full attacks, including efficient key-recovery steps. In this paper, we present new method distinguishers extend it constraint To show effectiveness usefulness our method, applied several ciphers, SKINNY, CRAFT, SKINNYe-v2, SKINNYee. ISO standard cipher significantly improve all existing particular, SKINNY-n-3n SKINNY-n-2n by 3 2 rounds, respectively, obtaining best results variants single-key setting. We ZC SKINNY-n-n (SKINNY-n-2n) (resp. 1) rounds. ID SKINNY. Particularly, time complexity single-tweakey (related-tweakey) SKINNY-128-256 SKINNY-128-384) factor $$2^{22.57}$$ $$2^{15.39}$$ ). On propose 21-round (20-round) ZC) attack, which improves Using model, provide practical reduced-round Deoxys-BC. Our generic applicable other strongly aligned