New method to describe the differential distribution table for large S-boxes in MILP and its application

Based on the method of the H-representation of the convex hull, the linear inequalities of all possible differential patterns of 4-bit S-boxes in the mix integer linear programming (MILP) model can be generated easily by the SAGE software. Whereas this method cannot be apply to 8-bit S-boxes. In thi...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:IET information security Ročník 13; číslo 5; s. 479 - 485
Hlavní autoři: Li, Ling-Chen, Wu, Wen-Ling, Zhang, Lei, Zheng, Ya-Fei
Médium: Journal Article
Jazyk:angličtina
Vydáno: The Institution of Engineering and Technology 01.09.2019
Témata:
AES S‐box
concave programming
convex hull
cryptography
differential distribution table
differential patterns
differentially active S‐boxes
H‐representation
integer programming
linear inequalities
linear programming
MILP
mix integer linear programming model
probability
Research Article
SAGE software
integer programming
MILP
differentially active S-boxes
differential patterns
probability
cryptography
linear programming
H-representation
convex hull
linear inequalities
mix integer linear programming model
AES S-box
differential distribution table
SAGE software
concave programming
ISSN:1751-8709, 1751-8717
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Based on the method of the H-representation of the convex hull, the linear inequalities of all possible differential patterns of 4-bit S-boxes in the mix integer linear programming (MILP) model can be generated easily by the SAGE software. Whereas this method cannot be apply to 8-bit S-boxes. In this study, the authors propose a new method to obtain the inequalities for large S-boxes with the coefficients belonging to integer. The relationship between the coefficients of the inequalities and the corresponding excluded impossible differential patterns is obtained. As a result, the number of inequalities can be lower than 4000 for the AES S-box. Then, the new method for finding the best probability of the differential characteristics of 4–15 rounds SM4 in the single-key setting is presented. Especially, the authors found that the 15-round SM4 exists four differential characteristics with 12 active S-boxes. The exact lower bound of the number of differentially active S-boxes of the 16-round SM4 is 15. The authors also found eight differential characteristics of the 19-round SM4 with the probability $2^{ - 124}$2−124.
ISSN:1751-8709
1751-8717
DOI:10.1049/iet-ifs.2018.5284