Integral Cryptanalysis of WARP based on Monomial Prediction

WARP is a 128-bit block cipher published by Banik et al. at SAC 2020 as lightweight alternative to AES. It based on generalized Feistel network and achieves the smallest area footprint among ciphers in many settings. Previous analysis results include integral key-recovery attacks 21 out of 41 rounds. In this paper, we propose up 32 rounds improving both distinguisher approach substantially. For distinguisher, show how model monomial prediction technique proposed Hu ASIACRYPT SAT problem thus create bit-oriented taking key schedule into account. Together with two additional observations properties WARP’s construction, extend best previous 2 (as classical distinguisher) or 4 (for distinguisher). recovery, graph-based round function demonstrate manipulate graph obtain representation amenable FFT-based recovery.