首页|Constructing the Impossible Differential of Type-Ⅱ GFN with Boolean Function and Its Application to WARP
Constructing the Impossible Differential of Type-Ⅱ GFN with Boolean Function and Its Application to WARP
扫码查看
点击上方二维码区域,可以放大扫码查看
原文链接
万方数据
Type-Ⅱ generalized Feistel network(GFN)has attracted a lot of attention for its simplicity and high parallelism.Impossible differential attack is one of the powerful cryptanalytic approaches for word-oriented block ci-phers such as Feistel-like ciphers.We deduce the impossible differential of Type-Ⅱ GFN by analyzing the Boolean function in the middle round.The main idea is to investigate the expression with the variable representing the plain-text(ciphertext)difference words for the internal state words.By adopting the miss-in-the-middle approach,we can construct the impossible differential of Type-Ⅱ GFN.As an illustration,we apply this approach to WARP,a lightweight 128-bit block cipher with a 128-bit key which was presented by Banik et al.at SAC 2020.The structure of WARP is a 32-branch Type-Ⅱ GFN.Therefore,we find two 21-round truncated impossible differentials and imple-ment a 32-round key recovery attack on WARP.For the 32-round key recovery attack on WARP,some observa-tions are used to mount an effective attack.Taking the advantage of the early abort technique,the data,time,and memory complexities are 2125.69 chosen plaintexts,2126.68 32-round encryptions,and 2100-bit,repectively.To the best of our knowledge,this is the best attack on WARP in the single-key scenario.
WARPFeistel cipherImpossible differential attack
Jiali SHI、Guoqiang LIU、Chao LI
展开 >
College of Liberal Arts and Sciences,National University of Defense Technology,Changsha 410000,China
Hunan Engineering Research Center of Commercial Cryptography Theory and Technology Innovation,Changsha 410000,China
State Key Laboratory of Information Security,Institute of Information Engineering,Beijing 100000,China
National Natural Science Foundation of ChinaNational Natural Science Foundation of China
万方数据
