International Association for Cryptologic Research

CryptoDB

Finding Impossible Differentials in ARX Ciphers under Weak Keys

Authors:
Qing Ling, School of Cyberspace Security, Hangzhou Dianzi University, Hangzhou, China
Tingting Cui, School of Cyberspace Security, Hangzhou Dianzi University, Hangzhou, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Qingdao, China
Hongtao Hu, School of Cyberspace Security, Hangzhou Dianzi University, Hangzhou, China
Sijia Gong, School of Cyberspace Security, Hangzhou Dianzi University, Hangzhou, China
Zijun He, School of Cyberspace Security, Hangzhou Dianzi University, Hangzhou, China
Jiali Huang, School of Cyberspace Security, Hangzhou Dianzi University, Hangzhou, China
Jia Xiao, Huaxia Jingwei Information Technology Limited Company, Beijing, China
Download:
DOI: 10.46586/tosc.v2024.i1.326-356
URL: https://tosc.iacr.org/index.php/ToSC/article/view/11409
Abstract: Impossible differential cryptanalysis is very important in the field of symmetric ciphers. Currently, there are many automatic search approaches to find impossible differentials. However, these methods have two underlying assumptions: Markov cipher assumption and key independence assumption. Actually, these two assumptions are not true in ARX ciphers, especially lightweight ones. In this paper, we study the impossible differentials in ARX cipher under weak keys for the first time. Firstly, we propose several accurate difference propagation properties on consecutive two and three modular additions. Then, these properties are applied to four typical local constructions composed of two consecutive modular additions, two modular additions with a rotation operation, xoring secret key or constant in the middle, to find impossible differentials under weak keys or special constants. What’s more, we propose a more accurate difference propagation property on three consecutive modular additions. It can be used to find impossible differentials on more complex local constructions under weak keys or special constants. In practical ciphers, these impossible differentials on local constructions can be used to find contradictions. Lastly, combining our new findings with traditional automatic search methods for impossible differentials, we propose a framework to find impossible differentials in ARX ciphers under weak keys. As applications, we apply the framework to SPECK-32/64, LEA and CHAM-64/128. As a result, we find two 8-round impossible differentials for SPECK-32/64 under $2^{60}$ weak keys, and one 11-round impossible differential for LEA under $2^{k-1}$ weak keys, where $k$ is the key size. These impossible differentials can start from any round. Furthermore, we find two 22-round impossible differentials for CHAM-64/128 under $2^{127}$ weak keys starting from certain rounds. As far as we know, all these impossible differentials are longer than previous ones.
BibTeX
@article{tosc-2024-34018,
  title={Finding Impossible Differentials in ARX Ciphers under Weak Keys},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universität Bochum},
  volume={2024 No. 1},
  pages={326-356},
  url={https://tosc.iacr.org/index.php/ToSC/article/view/11409},
  doi={10.46586/tosc.v2024.i1.326-356},
  author={Qing Ling and Tingting Cui and Hongtao Hu and Sijia Gong and Zijun He and Jiali Huang and Jia Xiao},
  year=2024
}