Several MILP-Aided Attacks Against SNOW 2.0

SNOW 2.0 is a software-oriented stream cipher and internationally standardized by ISO/IEC 18033-4. In this paper, we present three attacks on SNOW 2.0 by MILP-aided automatic search algorithms. First, we present an efficient algorithm to find linear masks with the high correlation. It enables us to improve time and data complexities of the known fast correlation attacks. Then we propose a 17-round integral distinguisher out of 32 rounds by evaluating the propagation of the division property. Moreover, we propose a cube attack on the 14-round SNOW 2.0. The time complexity is \(2^{61.59}\) where \(2^{39}\) chosen IVs are required. As far as we know, these are the first investigations about integral and cube attacks of SNOW 2.0, respectively.

[1]  Keting Jia,et al.  New Automatic Search Tool for Impossible Differentials and Zero-Correlation Linear Approximations , 2016, IACR Cryptol. ePrint Arch..

[2]  Thomas Johansson,et al.  A New Version of the Stream Cipher SNOW , 2002, Selected Areas in Cryptography.

[3]  Philip Hawkes,et al.  Guess-and-Determine Attacks on SNOW , 2002, Selected Areas in Cryptography.

[4]  Adi Shamir,et al.  Cube Attacks on Tweakable Black Box Polynomials , 2009, IACR Cryptol. ePrint Arch..

[5]  Yu Sasaki,et al.  New Impossible Differential Search Tool from Design and Cryptanalysis Aspects - Revealing Structural Properties of Several Ciphers , 2017, EUROCRYPT.

[6]  Serge Vaudenay,et al.  Faster Correlation Attack on Bluetooth Keystream Generator E0 , 2004, CRYPTO.

[7]  Johan Wallén Linear Approximations of Addition Modulo 2n , 2003, FSE.

[8]  Dong Hoon Lee,et al.  Cryptanalysis of Sosemanuk and SNOW 2.0 Using Linear Masks , 2008, ASIACRYPT.

[9]  Yosuke Todo,et al.  Improved Division Property Based Cube Attacks Exploiting Algebraic Properties of Superpoly , 2018, IEEE Transactions on Computers.

[10]  Lei Hu,et al.  Automatic Enumeration of (Related-key) Differential and Linear Characteristics with Predefined Properties and Its Applications , 2014, IACR Cryptol. ePrint Arch..

[11]  Alex Biryukov,et al.  A Distinguishing Attack of SNOW 2.0 with Linear Masking Method , 2003, Selected Areas in Cryptography.

[12]  Shai Halevi,et al.  Cryptanalysis of Stream Ciphers with Linear Masking , 2002, CRYPTO.

[13]  Dongdai Lin,et al.  Applying MILP Method to Searching Integral Distinguishers Based on Division Property for 6 Lightweight Block Ciphers , 2016, ASIACRYPT.

[14]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[15]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.

[16]  Willi Meier,et al.  Fast correlation attacks on certain stream ciphers , 1989, Journal of Cryptology.

[17]  Yosuke Todo,et al.  Bit-Based Division Property and Application to Simon Family , 2016, FSE.

[18]  Thomas Johansson,et al.  SNOW - A new stream cipher , 2000 .

[19]  Yosuke Todo,et al.  Structural Evaluation by Generalized Integral Property , 2015, EUROCRYPT.

[20]  Lei Hu,et al.  MILP-Based Automatic Search Algorithms for Differential and Linear Trails for Speck , 2016, FSE.

[21]  Lei Hu,et al.  Automatic Security Evaluation and (Related-key) Differential Characteristic Search: Application to SIMON, PRESENT, LBlock, DES(L) and Other Bit-Oriented Block Ciphers , 2014, ASIACRYPT.

[22]  Kaisa Nyberg,et al.  Improved Linear Distinguishers for SNOW 2.0 , 2006, FSE.

[23]  Dawu Gu,et al.  Differential and Linear Cryptanalysis Using Mixed-Integer Linear Programming , 2011, Inscrypt.

[24]  Wei Wang,et al.  Automatic Search of Bit-Based Division Property for ARX Ciphers and Word-Based Division Property , 2017, ASIACRYPT.

[25]  Yosuke Todo,et al.  Cube Attacks on Non-Blackbox Polynomials Based on Division Property , 2018, IEEE Transactions on Computers.

[26]  Antoine Joux,et al.  Fast Correlation Attacks: An Algorithmic Point of View , 2002, EUROCRYPT.

[27]  Bin Zhang,et al.  Multiset Collision Attacks on Reduced-Round SNOW 3G and SNOW 3G (+) , 2010, ACNS.

[28]  Bin Zhang,et al.  Fast Correlation Attacks over Extension Fields, Large-Unit Linear Approximation and Cryptanalysis of SNOW 2.0 , 2015, CRYPTO.