Research Article
Improved Conditional Differential Analysis on NLFSR Based Block Cipher KATAN32 with MILP
@INPROCEEDINGS{10.1007/978-3-030-66922-5_26, author={Zhaohui Xing and Wenying Zhang and Guoyong Han}, title={Improved Conditional Differential Analysis on NLFSR Based Block Cipher KATAN32 with MILP}, proceedings={Security and Privacy in New Computing Environments. Third EAI International Conference, SPNCE 2020, Lyngby, Denmark, August 6-7, 2020, Proceedings}, proceedings_a={SPNCE}, year={2021}, month={1}, keywords={KATAN block cipher Conditional differential cryptanalysis Mixed Integer Linear Programming (MILP)}, doi={10.1007/978-3-030-66922-5_26} }- Zhaohui Xing
Wenying Zhang
Guoyong Han
Year: 2021
Improved Conditional Differential Analysis on NLFSR Based Block Cipher KATAN32 with MILP
SPNCE
Springer
DOI: 10.1007/978-3-030-66922-5_26
Abstract
This paper describes constructing a Mixed Integer Linear Programming (MILP) model for conditional differential cryptanalysis on nonlinear feedback shift register (NLFSR)-based block ciphers, and proposes an approach for detecting the bit with a strongly-biased difference. The model is successfully applied to the block cipher KATAN32 in the single-key scenario, resulting in practical key-recovery attacks covering more rounds than the previous. In particular, we present two distinguishers for 79 and 81 out of 254 rounds of KATAN32. Based on the 81-round distinguisher we recover 11 equivalent key bits of 98-round KATAN32 with the time complexity being less than(2^{31})encryptions of 98-round KATAN32 and recover 13 equivalent key bits of 99-round KATAN32 with the time complexity being less than(2^{33})encryptions of 99-round KATAN32. Thus far, our results are the best known practical key-recovery attacks for the round-reduced variants of KATAN32 as far as the number of rounds and the time complexity. All the results are verified experimentally.
