Truncated Differential Attacks on Contracting Feistel Ciphers

Authors

  • Tim Beyne imec - Computer Security and Industrial Cryptography (COSIC) Research Group, Department of Electrical Engineering (ESAT), KU Leuven, Belgium
  • Yunwen Liu Independent researcher, China

DOI:

https://doi.org/10.46586/tosc.v2022.i2.141-160

Keywords:

Truncated differentials, Contracting Feistel ciphers, SMT, GMiMC, SM-4

Abstract

We improve truncated differential attacks on t-branch contracting Feistel ciphers with a domain size of Nt. Based on new truncated differentials, a generic distinguisher for t2 + t − 2 rounds using O(Nt−1) data and time is obtained. In addition, we obtain a key-recovery attack on t2 + 1 rounds with Õ(Nt−2) data and Õ(Nt−1) time. Compared to previous results by Guo et al. (ToSC 2016), our attacks cover more rounds with a lower data-complexity. Applications of the generic truncated differential to concrete ciphers include full-round attacks on some instances of GMiMC-crf, and the best-known key-recovery attack on 17 rounds of the Chinese block cipher standard SM4. In addition, we propose an automated search method for truncated differentials using SMT, which is effective even for trails with probability below the probability of the truncated differential for a random permutation.

Downloads

Published

2022-06-10

Issue

Section

Articles

How to Cite

Truncated Differential Attacks on Contracting Feistel Ciphers. (2022). IACR Transactions on Symmetric Cryptology, 2022(2), 141-160. https://doi.org/10.46586/tosc.v2022.i2.141-160