Truncated Differential Attacks on Contracting Feistel Ciphers
DOI:
https://doi.org/10.46586/tosc.v2022.i2.141-160Keywords:
Truncated differentials, Contracting Feistel ciphers, SMT, GMiMC, SM-4Abstract
We improve truncated differential attacks on t-branch contracting Feistel ciphers with a domain size of Nt. Based on new truncated differentials, a generic distinguisher for t2 + t − 2 rounds using O(Nt−1) data and time is obtained. In addition, we obtain a key-recovery attack on t2 + 1 rounds with Õ(Nt−2) data and Õ(Nt−1) time. Compared to previous results by Guo et al. (ToSC 2016), our attacks cover more rounds with a lower data-complexity. Applications of the generic truncated differential to concrete ciphers include full-round attacks on some instances of GMiMC-crf, and the best-known key-recovery attack on 17 rounds of the Chinese block cipher standard SM4. In addition, we propose an automated search method for truncated differentials using SMT, which is effective even for trails with probability below the probability of the truncated differential for a random permutation.
Published
Issue
Section
License
Copyright (c) 2022 Tim Beyne, Yunwen Liu
This work is licensed under a Creative Commons Attribution 4.0 International License.