26 research outputs found

    A CP-based Automatic Tool for Instantiating Truncated Differential Characteristics - Extended Version

    An important criterion to assert the security of a cryptographic primitive is its resistance against differential cryptanalysis. For word-oriented primitives, a common technique to determine the number of rounds required to ensure immunity against differential distinguishers is to consider truncated differential characteristics and to count the number of active S-boxes. Doing so allows one to provide an upper bound on the probability of the best differential characteristic with a reduced computational cost. However, in order to design very efficient primitives, it might be needed to evaluate the probability more accurately. This is usually done in a second step, during which one tries to instantiate truncated differential characteristics with actual values and computes their corresponding probability. This step is usually done either with ad-hoc algorithms or with CP, SAT or MILP models that are solved by generic solvers. In this paper, we present a generic tool for automatically generating these models to handle all word-oriented ciphers. Furthermore, the running times to solve these models are very competitive with all the previous dedicated approaches.

    Improving the scalability and reusability of differential cryptanalysis models using constraint programming

    In this thesis, we are interested in the use of constraint programming (CP) for solving differential cryptanalysis problems. In particular, we are interested in differential (related or single key) characteristic search problems for the symmetric encryption algorithms Rijndael, AES and Midori. We have also modelled boomerang attacks for Rijndael and generalized this method to Feistel schemes. This new modelling has been tested on the WARP, Twine and LBlock-s ciphers. To solve these different problems, we have proposed new techniques combining SAT and CP solvers. We have also introduced a new global constraint to more efficiently propagate a set of XOR constraints when searching for truncated differential characteristics. These new models have allowed us to improve the performance of existing solutions and to discover new distinguishers for WARP (23 rounds), Twine (15 and 16 rounds) and LBlock-s (16 rounds). We also found new attacks on Rijndael (9 rounds with the 128-160 version, 12 rounds with the 128-224 and 160-256 versions) and on WARP (26 rounds).

    Using constraint programming applied to differential cryptanalysis

    Automatic boomerang attacks search on Rijndael

    Boomerang attacks were introduced in 1999 by Wagner (The boomerang attack. In: Knudsen LR, editor. FSE’99. vol. 1636 of LNCS. Heidelberg: Springer; 1999. p. 156–70) as a powerful tool in differential cryptanalysis of block ciphers, especially dedicated to ciphers with good short differentials. They have been generalized to the related-key case by Biham et al. (Related-key boomerang and rectangle attacks. In: Cramer R, editor. Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22–26, 2005, Proceedings. vol. 3494 of Lecture Notes in Computer Science. Springer; 2005. p. 507–25. doi: 10.1007/11426639_30). In this article, we show how to adapt the model proposed in 2020 by Delaune et al. (Catching the fastest boomerangs: application to SKINNY. IACR Trans Symm Cryptol. 2020;2020(4):104–29) for related-key boomerang attacks on the block cipher SKINNY to the Rijndael case. Rijndael is composed of 25 instances that can be seen as generalizations of the Advanced Encryption Standard. We detail our models and present the results we obtain concerning related-key boomerang attacks on Rijndael. Notably, we present a nine-round attack against Rijndael-128-160, which has 11 rounds and beats all previous cryptanalytic results against Rijndael-128-160.