Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Extended c-differential distinguishers of full 9 and reduced-round Kuznyechik cipher

Pantelimon Stanica, Ranit Dutta, Bimal Mandal

TL;DR

This work introduces truncated inner $c$-differentials to render $c$-differential uniformity practically applicable to block ciphers, establishing a duality that ties the inner uniformity of $F$ to the outer uniformity of $F^{-1}$. It develops a full statistical-d computational framework, including a truncated first-round model, adaptive significance thresholds, and meta-analytic techniques, and applies it to Kuznyechik (GOST R 34.12-2015). The authors report statistically significant non-random behavior across all tested rounds, with concrete 9-round results yielding biases up to $1.7\times$ and corrected $p$-values as low as $1.85\times 10^{-3}$, marking the first practical distinguisher against full 9-round Kuznyechik. These findings imply a non-negligible security margin for Kuznyechik against standard $c$-differential attacks and motivate further research into multi-round, key-dependent, and other cipher architectures under the new inner-differential paradigm.

Abstract

This paper introduces {\em truncated inner $c$-differential cryptanalysis}, a novel technique that for the first time enables the practical application of $c$-differential uniformity to block ciphers. While Ellingsen et al. (IEEE Trans. Inf. Theory, 2020) established the notion of $c$-differential uniformity using $(F(x\oplus a), cF(x))$, a key challenge remained: multiplication by $c$ disrupts the structural properties essential for block cipher analysis, particularly key addition. We resolve this challenge by developing an \emph{inner} $c$-differential approach where multiplication by $c$ affects the input: $(F(cx\oplus a), F(x))$. We prove that the inner $c$-differential uniformity of a function $F$ equals the outer $c$-differential uniformity of $F^{-1}$, establishing a fundamental duality. This modification preserves cipher structure while enabling practical cryptanalytic applications. Our main contribution is a comprehensive multi-faceted statistical-computational framework, implementing truncated $c$-differential analysis against the full 9-round Kuznyechik cipher with no key pre-whitening (the inner $c$-differentials are immune to the key whitening at the backend). Through extensive computational analysis involving millions of differential pairs, we demonstrate statistically significant non-randomness across all tested round counts. For the full 9-round cipher, we identify multiple configurations triggering critical security alerts, with bias ratios reaching $1.7\times$ and corrected p-values as low as $1.85 \times 10^{-3}$, suggesting insufficient security margin against this new attack vector. This represents the first practical distinguisher against a full 9-round Kuznyechik variant.

Extended c-differential distinguishers of full 9 and reduced-round Kuznyechik cipher

TL;DR

This work introduces truncated inner -differentials to render -differential uniformity practically applicable to block ciphers, establishing a duality that ties the inner uniformity of to the outer uniformity of . It develops a full statistical-d computational framework, including a truncated first-round model, adaptive significance thresholds, and meta-analytic techniques, and applies it to Kuznyechik (GOST R 34.12-2015). The authors report statistically significant non-random behavior across all tested rounds, with concrete 9-round results yielding biases up to and corrected -values as low as , marking the first practical distinguisher against full 9-round Kuznyechik. These findings imply a non-negligible security margin for Kuznyechik against standard -differential attacks and motivate further research into multi-round, key-dependent, and other cipher architectures under the new inner-differential paradigm.

Abstract

This paper introduces {\em truncated inner -differential cryptanalysis}, a novel technique that for the first time enables the practical application of -differential uniformity to block ciphers. While Ellingsen et al. (IEEE Trans. Inf. Theory, 2020) established the notion of -differential uniformity using , a key challenge remained: multiplication by disrupts the structural properties essential for block cipher analysis, particularly key addition. We resolve this challenge by developing an \emph{inner} -differential approach where multiplication by affects the input: . We prove that the inner -differential uniformity of a function equals the outer -differential uniformity of , establishing a fundamental duality. This modification preserves cipher structure while enabling practical cryptanalytic applications. Our main contribution is a comprehensive multi-faceted statistical-computational framework, implementing truncated -differential analysis against the full 9-round Kuznyechik cipher with no key pre-whitening (the inner -differentials are immune to the key whitening at the backend). Through extensive computational analysis involving millions of differential pairs, we demonstrate statistically significant non-randomness across all tested round counts. For the full 9-round cipher, we identify multiple configurations triggering critical security alerts, with bias ratios reaching and corrected p-values as low as , suggesting insufficient security margin against this new attack vector. This represents the first practical distinguisher against a full 9-round Kuznyechik variant.

Paper Structure

This paper contains 22 sections, 2 theorems, 23 equations, 4 figures, 2 tables, 4 algorithms.

Table of Contents

  1. Introduction
  2. Preliminaries
  3. Inner $c$-Differentials
  4. Truncated $c$-Differential Distinguisher Methodology
  5. Truncated Model for Practical Analysis
  6. Statistical Methodology
  7. Enhanced $c$-Differential Uniformity Analysis for Kuznyechik
  8. Design Rationale:
  9. Implementation Optimizations:
  10. Analysis of Cryptanalytic Data and Implications
  11. Analysis of Cryptanalytic Data and Implications
  12. Analysis of Cryptanalytic Data
  13. High-Round Vulnerabilities (8 and 9 Rounds)
  14. Mid-Round Anomalies (5, 6, and 7 Rounds)
  15. Low-Round Vulnerabilities (1--4 Rounds)
  16. ...and 7 more sections

Key Result

Theorem 1

Let $F$ be a permutation polynomial over $\mathbb{F}_{2^n}$. Then, for any $a,b,c\in\mathbb{F}_{2^n}$ with $c\neq 0$:

Figures (4)

  • Figure 1: An example of the Sequential Probability Ratio Test (SPRT) implemented in the approach. The test stops as soon as the Log-Likelihood Ratio (LLR) of an observed differential crosses the upper acceptance boundary, confirming a statistically significant bias long before the maximum number of trials is reached.
  • Figure 2: Comparison of the highest statistical significance achieved for each $c$ value against 9-round Kuznyechik (Seed 42 data). The y-axis shows the -log$_{10}$ of the minimum corrected p-value, so taller bars indicate stronger evidence against randomness. Only $c=\texttt{0x04}$ and $c=\texttt{0xe1}$ achieved FDR-corrected significance, surpassing the threshold where standard differential analysis ($c=\texttt{0x01}$) failed.
  • Figure :
  • Figure :

Theorems & Definitions (3)

  • Theorem 1
  • proof
  • Lemma 2: Structural Preservation