Abstract
WARP is a 128-bit lightweight block cipher presented by S. Banik et al. at SAC 2020. It is based on 32-nibble type-2 Generalised Feistel Network (GFN) structure and uses a permutation over nibbles to optimize the security and efficiency. The designers provided a lower bound on the number of active S-boxes but they did not provide the differential characteristics against these bounds. In this paper, we model the MILP problem for WARP and present the 18-round and 19-round differential characteristics with the probability of \(2^{-122}\) and \(2^{-132}\) respectively. We also present a key recovery attack on 21 rounds with the data complexity of \(2^{113}\) chosen plaintexts. To the best of our knowledge, this is the first key recovery attack against 21-round WARP using differential cryptanalysis.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Source code is available at https://github.com/tarunyadav/WARP-MILP.
- 2.
- 3.
In this calculation, we consider a pair (a, b) same as (b, a).
References
Abdelkhalek, A., Sasaki, Y., Todo, Y., Tolba, M., Youssef, A.M.: MILP modeling for (large) S-boxes to optimize probability of differential characteristics. IACR Trans. Symmetr. Cryptol. 2017(4), 99–129 (2017). https://doi.org/10.13154/tosc.v2017.i4.99-129. ISSN 2519-173X
Banik, S., et al.: WARP: revisiting GFN for lightweight 128-bit block cipher. In: Dunkelman, O., Jacobson, Jr., M.J., O’Flynn, C. (eds.) SAC 2020. LNCS, vol. 12804, pp. 535–564. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-81652-0_21
Biham, E., Shamir, A.: Differential cryptanalysis of the full 16-round DES. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 487–496. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_34
Bogdanov, A., et al.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74735-2_31
Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, Heidelberg (2002). https://doi.org/10.1007/978-3-662-04722-4
Gohr, A.: Improving attacks on round-reduced Speck32/64 using deep learning. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 150–179. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_6
Gurobi Optimizer. http://www.gurobi.com
Knudsen, L., Robshaw, M.J.B.: Block Cipher Companion. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-17342-4. ISBN 978-3-642-17341-7
Kumar, M., Suresh, T.S., Pal, S.K., Panigrahi, A.: Optimal Differential Trails in Lightweight Block Ciphers ANU and PICO. Cryptologia 44(1), 68–78 (2020)
Logic Friday. http://sontrak.com/
Matsui, M.: On correlation between the order of S-boxes and the strength of DES. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 366–375. Springer, Heidelberg (1995). https://doi.org/10.1007/BFb0053451
Mouha, N., Wang, Q., Gu, D., Preneel, B.: Differential and linear cryptanalysis using mixed-integer linear programming. In: Wu, C.-K., Yung, M., Lin, D. (eds.) Inscrypt 2011. LNCS, vol. 7537, pp. 57–76. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34704-7_5
National Institute of Standards and Technology: Lightweight Cryptography, Finalists, NIST (2021)
Sun, S., Hu, L., Wang, P., Qiao, K., Ma, X., Song, L.: Automatic security evaluation and (related-key) differential characteristic search: application to SIMON, PRESENT, LBlock, DES(L) and other bit-oriented block ciphers. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part I. LNCS, vol. 8873, pp. 158–178. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45611-8_9
Sun, S., et al.: Towards finding the best characteristics of some bit-oriented block ciphers and automatic enumeration of (related-key) differential and linear characteristics with predefined properties. Cryptology ePrint Archive, Report 2014/747 (2014)
Sasaki, Yu., Todo, Y.: New impossible differential search tool from design and cryptanalysis aspects. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017, Part III. LNCS, vol. 10212, pp. 185–215. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56617-7_7
Sasaki, Yu., Todo, Y.: New algorithm for modeling S-box in MILP based differential and division trail search. In: Farshim, P., Simion, E. (eds.) SecITC 2017. LNCS, vol. 10543, pp. 150–165. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-69284-5_11
Yadav, T., Kumar, M.: Differential-ML distinguisher: machine learning based generic extension for differential cryptanalysis. In: Longa, P., Rà fols, C. (eds.) LATINCRYPT 2021. LNCS, vol. 12912, pp. 191–212. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-88238-9_10
Zhu, B., Dong, X., Yu, H.: MILP-based differential attack on round-reduced GIFT. In: Matsui, M. (ed.) CT-RSA 2019. LNCS, vol. 11405, pp. 372–390. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-12612-4_19
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix
Appendix
1.1 A Differential Characteristics (108) of 18-Round WARP with Probability of \(2^{-122}\)
No. | Input difference | Output difference |
---|---|---|
1 | 0x000af000faf000000a0000005f500050 | 0x00005000000a00070000000da7000dd0 |
2 | 0x00055000a75000000a000000aad00070 | 0x0000a000000f00050000000afd000aa0 |
3 | 0x000da000a5a000000a000000a5a00070 | 0x0000a000000f000f0000000fad0005a0 |
4 | 0x0005a000a5a0000005000000aa7000a0 | 0x00005000000a000a0000000a55000aa0 |
5 | 0x000aa000aa50000005000000aaa00050 | 0x00005000000a000a0000000aaf000ff0 |
6 | 0x000aa000aa5000000a000000daf00050 | 0x0000a000000a000500000005a5000da0 |
7 | 0x000ad000fa5000000a0000005ad000a0 | 0x0000a000000f000a0000000af7000a50 |
8 | 0x000aa000a5d000000a000000faa000d0 | 0x0000a000000f00050000000ff5000da0 |
9 | 0x0005a000aa70000005000000a55000a0 | 0x0000a0000005000a0000000faf000af0 |
10 | 0x000da000a5f00000050000007aa00070 | 0x0000a0000005000a000000057a000ff0 |
11 | 0x000da000a5a000000a000000a5a00070 | 0x0000a000000500050000000daf0005a0 |
12 | 0x0005a0005fa000000a000000adf000a0 | 0x0000a000000500050000000d750005a0 |
13 | 0x0005d000faa000000a000000aad00070 | 0x0000a000000a00050000000da5000aa0 |
14 | 0x0005a000ad50000005000000aa7000a0 | 0x0000a000000a000d0000000aaf000af0 |
15 | 0x000da000f5d000000a000000aaa00070 | 0x00005000000a00070000000dad000da0 |
16 | 0x0005f0007ad000000d000000aa5000a0 | 0x0000d000000a00070000000aa5000aa0 |
17 | 0x0005a000757000000d000000a57000a0 | 0x0000a000000a00050000000faf000da0 |
18 | 0x000aa000aaa000000a0000005a5000f0 | 0x0000a0000005000500000005aa000da0 |
19 | 0x0007d000a7a000000a000000dad00050 | 0x0000a000000a000a00000007da000aa0 |
20 | 0x000aa0005a5000000a000000aa5000f0 | 0x0000a000000a000500000005ad0005a0 |
21 | 0x000da000a5a000000d000000aaa000a0 | 0x0000a000000f00050000000ffa000ad0 |
22 | 0x000aa000a57000000d000000a5a000f0 | 0x0000a000000f000a00000005aa000da0 |
23 | 0x0005a000ad7000000d000000ad7000a0 | 0x000070000005000d0000000faa000da0 |
24 | 0x000aa000555000000a000000daa000a0 | 0x0000a000000d000500000005aa000ad0 |
25 | 0x000da000a5a000000a000000ada000a0 | 0x0000a000000f000500000005a5000aa0 |
26 | 0x000aa000aa7000000a000000dd500050 | 0x0000a000000d00050000000fad000aa0 |
27 | 0x000aa0007d70000005000000a5a00050 | 0x0000a000000a000f0000000da5000aa0 |
28 | 0x0005a000757000000d000000a5a000a0 | 0x0000a000000a000a00000005ad000aa0 |
29 | 0x000aa000aa70000005000000ad5000a0 | 0x0000f000000a000f00000007dd0005a0 |
30 | 0x0005a000daa000000a000000a55000a0 | 0x0000a000000f000d0000000daf000af0 |
31 | 0x000aa000dda000000a000000aa700050 | 0x0000a000000d000a0000000d7f000af0 |
32 | 0x000aa000a5a000000a000000daa000f0 | 0x0000a000000f00050000000fff000af0 |
33 | 0x000af0005aa000000a0000005a500050 | 0x0000a000000d000500000005a7000a50 |
34 | 0x000da000755000000d0000007aa00070 | 0x0000a0000005000f0000000aad000aa0 |
35 | 0x000aa000ada0000005000000aa700050 | 0x0000a000000a00050000000dad000aa0 |
36 | 0x0005a000ad50000005000000aaa000a0 | 0x0000a0000005000d0000000aaf000ff0 |
37 | 0x0005a0007da000000d000000ad7000a0 | 0x0000a000000f000a0000000aad000da0 |
38 | 0x000aa000aa70000005000000add00050 | 0x0000a0000005000500000005aa000aa0 |
39 | 0x000aa0007df0000005000000af7000a0 | 0x0000f000000f000a00000005aa000aa0 |
40 | 0x000aa000adf000000a0000005a700050 | 0x0000a000000a00050000000a5a000aa0 |
41 | 0x000aa000aaa000000a0000005f500050 | 0x0000a000000a000f00000005a50005a0 |
42 | 0x0007a000d5a00000070000005a700050 | 0x000050000007000a00000007dd000aa0 |
43 | 0x000aa000fa7000000a000000ddd00050 | 0x0000a000000a000500000005aa0005a0 |
44 | 0x000da0005aa000000a000000aa500070 | 0x0000a000000f000500000005aa000aa0 |
45 | 0x000a5000da5000000a000000aa500050 | 0x0000a0000005000d0000000fa7000ad0 |
46 | 0x000aa0005a7000000a0000005d500050 | 0x0000700000050005000000057f000af0 |
47 | 0x000aa000d5f000000a0000005aa00050 | 0x0000a000000f000500000005af000aa0 |
48 | 0x000aa000ada000000f000000f5a00050 | 0x0000f000000f000a0000000afd000aa0 |
49 | 0x000aa0005aa000000a000000a5a00050 | 0x0000a0000005000a0000000d7f000aa0 |
50 | 0x0005a000a5a000000d000000ada000a0 | 0x0000a0000005000d0000000d7d000d70 |
51 | 0x0005a000aa5000000f000000aad000a0 | 0x0000a000000a000a0000000daa000a50 |
52 | 0x000ad000da5000000a0000005aa00050 | 0x0000a000000a000a0000000af7000ad0 |
53 | 0x000da000a5f00000050000007a700070 | 0x0000a000000f000a00000005af000af0 |
54 | 0x000aa00055a000000a0000005a700050 | 0x0000a000000f000d0000000ff5000da0 |
55 | 0x000aa000aa5000000f000000fad000a0 | 0x0000f000000a000f0000000a55000aa0 |
56 | 0x000fa000a570000005000000ad7000f0 | 0x0000d000000a00070000000a57000a50 |
57 | 0x0005a000aff000000a000000aaa000a0 | 0x0000a000000d000f0000000d75000aa0 |
58 | 0x000aa000a550000005000000aaa000d0 | 0x0000a000000a000d0000000ad50005a0 |
59 | 0x0005a000a57000000a000000ad7000a0 | 0x0000a0000005000f0000000d77000ad0 |
60 | 0x0005a0005aa000000a000000aa5000a0 | 0x0000a000000d000a0000000d77000ad0 |
61 | 0x0005a000a5a000000f000000afa000a0 | 0x0000a0000005000d0000000daa000fd0 |
62 | 0x0005a00075a000000d000000aaa000a0 | 0x0000a000000500050000000fa70005d0 |
63 | 0x000aa000a5d000000a0000005aa00050 | 0x0000a000000d000d0000000d7a000a50 |
64 | 0x000aa000d5d0000007000000daa00050 | 0x0000f000000a000a0000000aaa000a50 |
65 | 0x000fa000aa7000000d000000ada000f0 | 0x0000a0000005000d00000005ad0005a0 |
66 | 0x000aa000f57000000a0000005da00050 | 0x0000d000000a00070000000755000fa0 |
67 | 0x000dd000aaa000000a000000aaa000a0 | 0x0000a000000f000d0000000daa000a50 |
68 | 0x000a5000a7a000000d000000aad000f0 | 0x00005000000a000a0000000aaa000a50 |
69 | 0x0005a000a570000005000000ada000a0 | 0x0000a000000500050000000faf000aa0 |
70 | 0x000aa000ffa000000a000000d5f00050 | 0x00005000000a000a0000000a5a000a50 |
71 | 0x000a5000aa5000000a000000da500050 | 0x0000f000000f000a0000000da7000ad0 |
72 | 0x0005a000f5a000000a000000a5a000a0 | 0x0000a000000a00050000000a5a000a50 |
73 | 0x0005a000ad5000000a000000aa7000a0 | 0x0000a000000f000d00000005aa000aa0 |
74 | 0x000aa00055a000000a000000dda00050 | 0x00005000000a00070000000add000aa0 |
75 | 0x000aa000a57000000a0000005da00050 | 0x0000a0000005000f00000005af000af0 |
76 | 0x000aa000d57000000a000000a5a000a0 | 0x0000a000000a000f00000005a7000f50 |
77 | 0x0005f000afa0000005000000aff000a0 | 0x00005000000a000a00000005aa000ad0 |
78 | 0x000aa000aaa000000a000000d5a00050 | 0x0000a00000050005000000057a000aa0 |
79 | 0x000aa000aa5000000f000000fa500050 | 0x0000a0000005000d0000000faf000af0 |
80 | 0x000aa00055a000000a0000005da00050 | 0x0000f000000f000a0000000daa0005d0 |
81 | 0x000aa000ad7000000d000000ad700050 | 0x000070000005000d0000000d7a0005a0 |
82 | 0x000aa0007aa0000005000000a5500050 | 0x0000a000000f000f00000005aa000da0 |
83 | 0x000aa000aaa000000a0000005a500050 | 0x0000a000000a000a0000000daa000ad0 |
84 | 0x000aa000d5a000000a000000daa000f0 | 0x0000d000000a00070000000ad7000a50 |
85 | 0x000aa0005aa000000a000000d5500050 | 0x0000a0000005000500000005ad000fa0 |
86 | 0x000aa0005aa000000a000000d5500050 | 0x0000a000000f000a0000000aaf0005a0 |
87 | 0x0005a000aaa0000005000000a55000a0 | 0x0000a0000005000a00000005af000aa0 |
88 | 0x000aa000ada000000d000000a57000d0 | 0x0000a0000005000f00000005aa000da0 |
89 | 0x0005a000aaa0000005000000a5d000a0 | 0x0000a000000a00050000000a5a000aa0 |
90 | 0x000aa000dd5000000a000000daa000d0 | 0x0000f000000a000a00000005ad000aa0 |
91 | 0x000aa000a5a000000a000000aaa00050 | 0x0000a000000a000f00000007d5000aa0 |
92 | 0x000aa0005f7000000a00000055a00050 | 0x0000a000000500050000000d77000fd0 |
93 | 0x0007a000dff000000a000000daa000d0 | 0x0000a0000005000d0000000aa7000a50 |
94 | 0x000aa000dda000000a000000fa700050 | 0x0000a000000a000a0000000fa5000da0 |
95 | 0x000ad000aa50000005000000aa500050 | 0x0000a000000a00050000000a5d0005a0 |
96 | 0x0005a0007d700000050000007d7000a0 | 0x0000a0000005000a00000005a50005a0 |
97 | 0x000aa000ad5000000a0000005aa00050 | 0x0000a000000a000a0000000a5a000aa0 |
98 | 0x000df000aaf000000d000000afd00070 | 0x0000a000000500050000000d75000aa0 |
99 | 0x000aa000a57000000a000000dda00050 | 0x0000a000000a000a0000000ada000af0 |
100 | 0x0005a000a57000000d000000a5a00070 | 0x00005000000a000a0000000a5a000aa0 |
101 | 0x000da000a5a000000a000000afa000a0 | 0x0000a0000005000f00000005ad000aa0 |
102 | 0x000a500057a000000a000000aad000a0 | 0x0000a000000a000f0000000aa5000aa0 |
103 | 0x00055000aaa000000d0000007af000a0 | 0x0000a000000a00050000000a55000fa0 |
104 | 0x0005f000aaf000000a000000af5000a0 | 0x0000a0000005000d0000000faa000aa0 |
105 | 0x0005a000a5f000000a000000afa000a0 | 0x00005000000a000a00000007da000aa0 |
106 | 0x000aa000aaa000000a00000055500050 | 0x0000a000000a000a0000000a55000aa0 |
107 | 0x0005a00075a000000d000000ada000a0 | 0x0000a000000f00050000000af5000aa0 |
108 | 0x000aa000a5a000000a0000005aa00050 | 0x0000a000000a00050000000755000aa0 |
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Kumar, M., Yadav, T. (2022). MILP Based Differential Attack on Round Reduced WARP. In: Batina, L., Picek, S., Mondal, M. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2021. Lecture Notes in Computer Science(), vol 13162. Springer, Cham. https://doi.org/10.1007/978-3-030-95085-9_3
Download citation
DOI: https://doi.org/10.1007/978-3-030-95085-9_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-95084-2
Online ISBN: 978-3-030-95085-9
eBook Packages: Computer ScienceComputer Science (R0)