Modeling Linear and Non-linear Layers: An MILP Approach Towards Finding Differential and Impossible Differential Propagations
Debranjan Pal, Vishal Pankaj Chandratreya, Abhijit Das, Dipanwita Roy Chowdhury
TL;DR
This work tackles the problem of evaluating resistance to differential and impossible differential cryptanalysis by modeling cryptographic primitives with MILP. It introduces two novel inequality-selection algorithms (Greedy Random-Tiebreaker and Subset Addition), a new XOR-based linear-layer model, and an automatic MILP-based search tool that can generate differential and impossible differential propagations for SPN-block ciphers. The methods yield tighter bounds on the minimum number of active SBoxes and reduced inequality counts across multiple lightweight ciphers (Lilliput, Gift64, Skinny64, Klein, MIBS), with substantial speedups achieved through multithreading and optimized modeling. Collectively, these contributions enhance automatic differential/analyzer tooling and provide practical insights for designing more robust lightweight ciphers with provable resistance characteristics.
Abstract
Symmetric key cryptography stands as a fundamental cornerstone in ensuring security within contemporary electronic communication frameworks. The cryptanalysis of classical symmetric key ciphers involves traditional methods and techniques aimed at breaking or analyzing these cryptographic systems. In the evaluation of new ciphers, the resistance against linear and differential cryptanalysis is commonly a key design criterion. The wide trail design technique for block ciphers facilitates the demonstration of security against linear and differential cryptanalysis. Assessing the scheme's security against differential attacks often involves determining the minimum number of active SBoxes for all rounds of a cipher. The propagation characteristics of a cryptographic component, such as an SBox, can be expressed using Boolean functions. Mixed Integer Linear Programming (MILP) proves to be a valuable technique for solving Boolean functions. We formulate a set of inequalities to model a Boolean function, which is subsequently solved by an MILP solver. To efficiently model a Boolean function and select a minimal set of inequalities, two key challenges must be addressed. We propose algorithms to address the second challenge, aiming to find more optimized linear and non-linear components. Our approaches are applied to modeling SBoxes (up to six bits) and EXOR operations with any number of inputs. Additionally, we introduce an MILP-based automatic tool for exploring differential and impossible differential propagations within a cipher. The tool is successfully applied to five lightweight block ciphers: Lilliput, GIFT64, SKINNY64, Klein, and MIBS.