Abstract / Keywords
Title
2023-05-17 15:55
[Invited Talk] An Efficient Strategy to Construct a Better Differential on Multiple-Branch-Based Designs: Application to Orthros (from CT-RSA 2023) ○Kazuma Taka, Kosei Sakamoto (Hyogo Univ.), Tatsuya Ishikawa (WDB KOUGAKU Co., Ltd.), Takanori Isobe (Hyogo Univ.) ISEC2023-12
Abstract
As low-latency designs tend to use a small number of rounds to reduce latency, differential-type cryptanalysis can be a significant threat to them.
In particular, since a multiple-branch-based design such as Orthros can exhibit a strong clustering effect in differential attacks because of its large internal state, it is crucial to investigate the impact of the clustering effect on such designs.
In this paper, we present a new SAT-based automatic search method for evaluating the clustering effect in multiple-branch-based designs.
By exploiting an inherent trait of multiple-branch-based designs, our method enables highly efficient evaluation of the clustering effect on designs of this type.
We apply our method to the low-latency PRF Orthros and show the best differential distinguisher reaching up to 7 rounds of Orthros with $2^{116.806}$ time/data complexity, as well as a 9-round distinguisher for each underlying permutation, which is 2 rounds more than the longest previously known distinguishers.
Besides, we update the designers' security bound against differential attacks, which was based on lower bounds for the number of active S-boxes, and obtain the optimal differential characteristics of Orthros, Branch 1, and Branch 2 for the first time.
Consequently, we improve the designers' security bound from 9/12/12 to 7/10/10 rounds for Orthros/Branch 1/Branch 2 with respect to a single differential characteristic.
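The abstract contrasts three quantities: the designers' bound derived from a lower bound on active S-boxes, the probability of the best single differential characteristic, and the differential probability obtained when all characteristics with the same input and output difference are clustered. The following added example (not code from the paper or its authors) computes all three exhaustively on a toy two-branch SPN so the gap between them can be seen directly. The 8-bit cipher, its use of the public PRESENT S-box, the bit permutation PERM and the Markov assumption of independent uniform round keys are all assumptions made for illustration; the paper's method is SAT-based and scales to Orthros's real state, whereas exhaustive enumeration is only feasible here because the state is 8 bits.

```python
"""Differential clustering on a toy two-branch SPN.

Added illustration, not code from the Orthros paper or its authors.  The
8-bit cipher below (two parallel 4-bit S-boxes, a bit permutation, and
independent uniform round keys) is an assumption chosen so that everything
can be enumerated exhaustively; it stands in for no real design."""
from fractions import Fraction
from math import log2

# PRESENT's public 4-bit S-box, used here only as a convenient toy.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
# Bit i of the 8-bit state moves to position PERM[i] (assumed layout):
# it interleaves the two nibbles so each S-box output feeds both S-boxes.
PERM = [0, 2, 4, 6, 1, 3, 5, 7]


def ddt(sbox):
    """Difference distribution table: t[a][b] = #{x : S(x) ^ S(x ^ a) = b}."""
    n = len(sbox)
    t = [[0] * n for _ in range(n)]
    for x in range(n):
        for a in range(n):
            t[a][sbox[x] ^ sbox[x ^ a]] += 1
    return t


DDT = ddt(SBOX)
# Largest non-trivial DDT entry as a probability (2^-2 for PRESENT's S-box).
MAX_SBOX_PROB = Fraction(max(max(row[1:]) for row in DDT[1:]), 16)


def permute(x):
    y = 0
    for i in range(8):
        if (x >> i) & 1:
            y |= 1 << PERM[i]
    return y


def active_sboxes(diff):
    """Number of S-boxes with a non-zero input difference."""
    return int((diff & 0xF) != 0) + int((diff >> 4) != 0)


def round_transitions(alpha):
    """One-round transitions alpha -> {beta: prob} under the Markov assumption
    (independent uniform round keys): each probability is the product of the
    two S-boxes' DDT entries, followed by the bit permutation."""
    a1, a0 = alpha >> 4, alpha & 0xF
    out = {}
    for c1 in range(16):
        if DDT[a1][c1] == 0:
            continue
        for c0 in range(16):
            if DDT[a0][c0] == 0:
                continue
            beta = permute((c1 << 4) | c0)
            out[beta] = out.get(beta, 0) + Fraction(DDT[a1][c1] * DDT[a0][c0], 256)
    return out


TRANS = {alpha: round_transitions(alpha) for alpha in range(256)}


def propagate(alpha0, rounds, combine):
    """Push the input difference alpha0 through `rounds` rounds.  Combining
    paths by addition yields the differential probability (all characteristics
    clustered); combining by max yields the best single characteristic."""
    vec = {alpha0: Fraction(1)}
    for _ in range(rounds):
        nxt = {}
        for alpha, p in vec.items():
            for beta, q in TRANS[alpha].items():
                nxt[beta] = combine(nxt.get(beta, Fraction(0)), p * q)
        vec = nxt
    return vec


def differential_probs(alpha0, rounds):
    return propagate(alpha0, rounds, lambda acc, p: acc + p)


def best_characteristics(alpha0, rounds):
    return propagate(alpha0, rounds, max)


def min_active_sboxes(rounds):
    """Lower bound on active S-boxes over `rounds` rounds for any non-zero
    input difference, following only DDT-feasible transitions; every single
    characteristic then has probability <= MAX_SBOX_PROB ** this bound."""
    best = {alpha: active_sboxes(alpha) for alpha in range(1, 256)}
    for _ in range(rounds - 1):
        nxt = {}
        for alpha, count in best.items():
            for beta in TRANS[alpha]:
                nxt[beta] = min(nxt.get(beta, 99), count + active_sboxes(beta))
        best = nxt
    return min(best.values())


def clustering_report(alpha0, rounds):
    """For the most probable output difference, compare the clustered
    differential probability with its best single characteristic."""
    dp = differential_probs(alpha0, rounds)
    bc = best_characteristics(alpha0, rounds)
    beta = max(dp, key=dp.get)
    return {"beta": beta,
            "p_differential": dp[beta],
            "p_best_characteristic": bc[beta],
            "log2_clustering_gain": log2(float(dp[beta] / bc[beta])),
            "log2_active_sbox_bound": log2(float(MAX_SBOX_PROB ** min_active_sboxes(rounds)))}


if __name__ == "__main__":
    for r in (1, 2, 3):
        rep = clustering_report(0x01, r)
        print(f"{r} round(s): beta=0x{rep['beta']:02x}",
              f"log2 p_diff={log2(float(rep['p_differential'])):.3f}",
              f"log2 p_char={log2(float(rep['p_best_characteristic'])):.3f}",
              f"gain={rep['log2_clustering_gain']:.3f}",
              f"active-S-box bound={rep['log2_active_sbox_bound']:.0f}")
```

The active-S-box bound is the weakest of the three statements (it holds for every characteristic, so it is loose), the best single characteristic is what a designer's bound "based on a single differential characteristic" refers to, and the clustered value is what an attacker can actually exploit; the gap between the last two is the clustering effect the abstract is concerned with, and on a wide multi-branch state it is the quantity that exhaustive enumeration cannot reach and a SAT-based search must estimate.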
Keywords
Differential cryptanalysis / Clustering effect / Multiple-branch-based designs / Orthros / SAT-based automatic search method
Bibliographic information
IEICE Technical Report, vol. 123, no. 26, ISEC2023-12, pp. 65-65, May 2023.
Document number
ISEC2023-12 |
Date of issue
2023-05-10 (ISEC) |
ISSN |
Online edition: ISSN 2432-6380 |
Copyright
The copyright of papers published in IEICE Technical Reports belongs to the Institute of Electronics, Information and Communication Engineers. (Permission numbers: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034)
|