<p>Adopting an analytical standpoint, this paper classifies existing theoretical work on dependency relations in differential characteristics into two overarching categories. Re-examining both value-restriction techniques and the theory of quasi-differential trails, we identify a distinct class of nonlinear relations, which we term linearised nonlinear constraints (LNCs). We introduce a linearisation procedure that exploits linear dependencies between the inputs and outputs of active S-boxes, allowing LNCs to be located for any given differential characteristic. We then develop a three-stage evaluation framework that yields more reliable probability estimates for characteristics containing LNCs. Applying the framework to four published characteristics of <Emphasis FontCategory="NonProportional">GIFT-64</Emphasis> shows that their right-key spaces are strict subsets of the full key space and that their residual probabilities deviate from the values previously claimed. For <Emphasis FontCategory="NonProportional">GIFT-128</Emphasis> we uncover six characteristics subject to LNCs and reveal inconsistencies in the linear and linearised nonlinear constraints underlying the two differentials employed in the best known attack on the cipher. Finally, the linearisation method and three-stage evaluation naturally extend to ciphers based on the Generalised Feistel Network, enabling us to instantiate both linear and nonlinear constraints in <Emphasis FontCategory="NonProportional">WARP</Emphasis>. These results demonstrate the practical utility of our approach in refining security assessments across a range of lightweight block ciphers.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A linearisation method for identifying dependencies in differential characteristics: examining the intersection of deterministic linear relations and nonlinear constraints

  • Ling Sun

摘要

Adopting an analytical standpoint, this paper classifies existing theoretical work on dependency relations in differential characteristics into two overarching categories. Re-examining both value-restriction techniques and the theory of quasi-differential trails, we identify a distinct class of nonlinear relations, which we term linearised nonlinear constraints (LNCs). We introduce a linearisation procedure that exploits linear dependencies between the inputs and outputs of active S-boxes, allowing LNCs to be located for any given differential characteristic. We then develop a three-stage evaluation framework that yields more reliable probability estimates for characteristics containing LNCs. Applying the framework to four published characteristics of GIFT-64 shows that their right-key spaces are strict subsets of the full key space and that their residual probabilities deviate from the values previously claimed. For GIFT-128 we uncover six characteristics subject to LNCs and reveal inconsistencies in the linear and linearised nonlinear constraints underlying the two differentials employed in the best known attack on the cipher. Finally, the linearisation method and three-stage evaluation naturally extend to ciphers based on the Generalised Feistel Network, enabling us to instantiate both linear and nonlinear constraints in WARP. These results demonstrate the practical utility of our approach in refining security assessments across a range of lightweight block ciphers.