Improved Automatic Search Tool for Related-Key Differential Characteristics on Byte-Oriented Block Ciphers

Abstract

The security of modern block ciphers against related-key attacks, especially the automatic search algorithm for the related-key differential characteristics, attaches a lot of academic attention in recent years. Many search algorithms have been proposed, including depth-first algorithm, breadth-first algorithm and mixed-integer linear programming algorithm. However, the algorithm with reasonable time and memory is still very ad hoc. In this paper, we propose a heuristic algorithm for automatic search for related-key truncated differential characteristics. The goal of our tool is to output a good characteristic within reasonable time and memory, so that it can be used to evaluate the resistance against related-key differential attacks. Our tool combines the precomputation phase of breadth-first algorithm and the depth-first algorithm. To demonstrate the usefulness of our approach, we apply our tool to AES, Deoxys, Joltik and Midori. For AES, we for the first time get a searching result of the best related-key differential characteristic on 10-round AES-128 using the truncated differential form directly. For Deoxys and Joltik, we get more results than the designers under the related-key related-tweak setting. For Midori, we get a two-round related-key cyclic characteristic with weight two, which means that Midori is weak under the related-key setting. We also give a way to calculate the complexity of depth-first algorithm, breadth-first algorithm and our heuristic algorithm, and this is meaningful for us to choose the proper parameters of the algorithm to make the search feasible.