New method to describe the differential distribution table for large S-boxes in MILP and its application

Based on the method of the H-representation of the convex hull, the linear inequalities of all possible differential patterns of 4-bit S-boxes in the mix integer linear programming (MILP) model can be generated easily by the SAGE software. Whereas this method cannot be apply to 8-bit S-boxes. In thi...

Full description

Saved in:
Bibliographic Details
Published in:IET information security Vol. 13; no. 5; pp. 479 - 485
Main Authors: Li, Ling-Chen, Wu, Wen-Ling, Zhang, Lei, Zheng, Ya-Fei
Format: Journal Article
Language:English
Published: The Institution of Engineering and Technology 01.09.2019
Subjects:
AES S‐box
concave programming
convex hull
cryptography
differential distribution table
differential patterns
differentially active S‐boxes
H‐representation
integer programming
linear inequalities
linear programming
MILP
mix integer linear programming model
probability
Research Article
SAGE software
integer programming
MILP
differentially active S-boxes
differential patterns
probability
cryptography
linear programming
H-representation
convex hull
linear inequalities
mix integer linear programming model
AES S-box
differential distribution table
SAGE software
concave programming
ISSN:1751-8709, 1751-8717
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Based on the method of the H-representation of the convex hull, the linear inequalities of all possible differential patterns of 4-bit S-boxes in the mix integer linear programming (MILP) model can be generated easily by the SAGE software. Whereas this method cannot be apply to 8-bit S-boxes. In this study, the authors propose a new method to obtain the inequalities for large S-boxes with the coefficients belonging to integer. The relationship between the coefficients of the inequalities and the corresponding excluded impossible differential patterns is obtained. As a result, the number of inequalities can be lower than 4000 for the AES S-box. Then, the new method for finding the best probability of the differential characteristics of 4–15 rounds SM4 in the single-key setting is presented. Especially, the authors found that the 15-round SM4 exists four differential characteristics with 12 active S-boxes. The exact lower bound of the number of differentially active S-boxes of the 16-round SM4 is 15. The authors also found eight differential characteristics of the 19-round SM4 with the probability $2^{ - 124}$2−124.
ISSN:1751-8709
1751-8717
DOI:10.1049/iet-ifs.2018.5284