| Integral cryptanalysis is an effective method in analysing block ciphers.It usually uses a zero-sum property of some positions in the ciphertext to construct integral distinguishers.In order to make full use of the nonlinear component,Todo proposed the division property and gave the generalized algorithm of searching integral distinguishers in EUROCRYPT 2015.In FSE 2016,Todo et al.applied the division property to bit-based block ciphers.However,bit-based division property usually involves large complexity.In ASIACRYPT 2016,Xiang et al.first used Mixed-Integer Linear Programming(MILP)model to characterize the division property and searched integral distinguishers for six lightweight block ciphers.The main results are as follows:(1)Based on a MILP model to search for division trails,we found a 9-round integral distinguishers for the lightweight block cipher PUFFIN.However,the distinguishing advantage of this distinguisher was small and the data complexity was high,therefore,the attack ineffective.In order to obtain a more effective attack,we searched for 8-round distinguishers and mounted key recovery attacks against 10-round PUFFIN.It is shown our attack can recover 100-bit round key.The data/time complexity of the attack is 254.81 chosen plaintext,and 267.4910-round encryption,and the space complexity is 220.Further,we can find more accurate 9-round integral distinguishers on PUFFIN using “Division Property using Three subsets”.(2)In order to gain better results,we considered the zero-sum property holding with a high probability.For the first time we proposed the construction of probabilistic integral distinguisher as well as the attack method based on conventional integral cryptanalysis.When applied to PUFFIN,a 7-round probability integral distinguisher is constructed and used to mount a 9-round attack.This attack can recover 92-bit round key.The data/time and space complexity is 224.8chosen plaintexts,and 235.489 round encryptions,and 220 respectively. |
PDF Full Text Request