ANALYSIS OF CRYPTOGRAPHIC RESISTANCE OF ITERATIVE ALGORITHMS BASED ON CONSIDERATION OF ITERATIVE DIFFERENTIAL CHARACTERISTICS
DOI:
https://doi.org/10.35546/kntu2078-4481.2025.4.3.24
Keywords:
Symmetric ciphers, Differential cryptanalysis, Differential characteristic, Iterative differential characteristic, DES, Ascon
Abstract
Experiments were performed to search for the best (maximum-probability) differential characteristics (DCs) of the well-known DES algorithm. They demonstrated that in the best DES DCs with a large number of rounds (more than 10), about 70% of the rounds are covered by an iterative DC. Based on these facts, an improved method for estimating the probability of the best DCs for the DES algorithm was proposed. Estimation was performed using various methods. It was assumed that for other iterative algorithms a significant percentage of the rounds in the best multi-round DCs will also be covered by iterative DCs. Existing results on the differential properties of the Ascon algorithm (NIST SP 800-232 standard) were reviewed. The minimum number of active S-boxes (substitutions) is known: for 2 rounds it is at least 4, and for 3 rounds at least 15. The results of the search for DCs for the p-transformation of the Ascon algorithm for 5 or more rounds are also known: no DC with fewer than 64 active S-boxes was found. It is also noted that this search was carried out by selecting a small number of active S-boxes in the middle rounds and then moving to the initial and final rounds, where, of course, the number of active S-boxes grows rapidly. It is clear that such an approach and the resulting estimate cannot be considered accurate and final. In our opinion, a smaller total number of active S-boxes can be obtained by first searching for iterative DCs and then using them. The possibility of searching for the best DCs for the Ascon algorithm based on consideration of iterative differential characteristics is discussed. An algorithm for searching for iterative differential characteristics for modern ciphers is proposed.
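The active S-box counts quoted in the abstract become probability bounds through the difference distribution table (DDT) of the Ascon S-box. The following is an added example, not code from the paper: it builds the DDT from the 5-bit S-box table of the Ascon specification and bounds the probability of a characteristic with a given number of active S-boxes, assuming the S-box transitions are independent (function names are illustrative).

```python
from math import log2

# 5-bit S-box lookup table as given in the Ascon specification.
ASCON_SBOX = [
    0x04, 0x0B, 0x1F, 0x14, 0x1A, 0x15, 0x09, 0x02,
    0x1B, 0x05, 0x08, 0x12, 0x1D, 0x03, 0x06, 0x1C,
    0x1E, 0x13, 0x07, 0x0E, 0x00, 0x0D, 0x11, 0x18,
    0x10, 0x0C, 0x01, 0x19, 0x16, 0x0A, 0x0F, 0x17,
]


def ddt(sbox):
    """table[dx][dy] = number of x with S(x) ^ S(x ^ dx) == dy."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for dx in range(n):
        for x in range(n):
            table[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return table


def max_dp_log2(sbox):
    """log2 of the best non-trivial differential probability of the S-box."""
    best = max(max(row) for row in ddt(sbox)[1:])  # skip dx = 0
    return log2(best / len(sbox))


def sbox_branch_number(sbox):
    """Minimum wt(dx) + wt(dy) over all possible non-zero transitions."""
    table = ddt(sbox)
    n = len(sbox)
    return min(
        bin(dx).count("1") + bin(dy).count("1")
        for dx in range(1, n)
        for dy in range(n)
        if table[dx][dy]
    )


def characteristic_bound_log2(active_sboxes, sbox=ASCON_SBOX):
    """Upper bound (log2) on a characteristic's probability, assuming
    every active S-box achieves the maximum differential probability."""
    return active_sboxes * max_dp_log2(sbox)


if __name__ == "__main__":
    # Active S-box counts taken from the abstract: 4, 15 and 64.
    for count in (4, 15, 64):
        print(count, "active S-boxes -> probability <= 2^%d"
              % characteristic_bound_log2(count))
```

A characteristic with fewer than 64 active S-boxes, as the abstract suggests iterative DCs might give, would loosen this bound accordingly; the actual probability depends on the specific transitions chosen.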
References
Data encryption standard. Federal Information Processing Standards Publication 46, U.S. Department of Commerce/National Bureau of Standards, National Technical Information Service, Springfield, Virginia, 1977 (revised as FIPS 46-1:1988; FIPS 46-2:1993).
A. Poschmann, G. Leander, K. Schramm, and C. Paar. New light-weight crypto algorithms for RFID, Proceedings in 2007 IEEE International Symposium on Circuits and Systems. IEEE, 2007, pp. 1843–1846. https://doi.org/10.1109/ISCAS.2007.378273
P. K. Kushwaha, M. Singh, and P. Kumar. A survey on lightweight block ciphers. International Journal of Computer Applications, vol. 96, no. 17, 2014. https://doi.org/10.1109/MDT.2007.178.
J.-P. Kaps. Chai-tea, cryptographic hardware implementations of XTEA. International Conference on Cryptology in India. Springer, 2008, pp. 363–375. https://doi.org/10.1007/978-3-540-89754-5_28
E. Yarrkov. Cryptanalysis of XXTEA [Electronic resource]. IACR Cryptology ePrint Archive, Report 2010/254, 2010. https://eprint.iacr.org/2010/254.pdf.
Biham, E., Shamir, A. Differential Cryptanalysis of the Full 16-Round DES. In: Differential Cryptanalysis of the Data Encryption Standard. Springer, New York, NY. https://doi.org/10.1007/978-1-4613-9314-6_5
Lightweight cryptography project of the American National Institute of Standards and Technology [Electronic resource], 2015. https://csrc.nist.gov/projects/lightweight-cryptography.
Matsui, M. On correlation between the order of S-boxes and the strength of DES. In: EUROCRYPT 1994, Perugia, Italy, 9-12 May. pp. 366–375. Springer, Heidelberg. https://dx.doi.org/10.1007/BFb0053451
L. Knudsen. Iterative characteristics of DES and s2-DES. Advances in Cryptology – Crypto'92. Springer Verlag, LNCS 746, pp. 497-511, Berlin Heidelberg 1993. https://dx.doi.org/10.1007/3-540-48071-4_35
K. Kim. Construction of DES-like S-boxes Based on Boolean Function Satisfying the SAK. Proceedings Of Asiacrypt’91, pp. 59-72, Fujiyoshida, Japan, 1991. https://dx.doi.org/10.1007/3-540-57332-1_5
V. I. Dolgov, I. V. Lysytska, V. I. Ruzhentsev. Ensuring the resistance of the DES cipher to differential cryptanalysis attacks. Overlapping of zeroing-type characteristics and four-round iterative characteristics. Radiotekhnika: All-Ukrainian Interdepartmental Scientific and Technical Collection, 2001, issue 120, pp. 192–198. (In Ukrainian)
V. I. Dolgov, I. V. Lysytska, V. I. Ruzhentsev. Ensuring the resistance of the DES cipher to differential cryptanalysis attacks: overlapping of six-, eight- and ten-round iterative characteristics. Radiotekhnika: All-Ukrainian Interdepartmental Scientific and Technical Collection, 2002, issue 124, pp. 182–189. (In Ukrainian)
Christoph Dobraunig, Maria Eichlseder, Florian Mendel, and Martin Schläffer. Ascon v1.2. [Electronic resource] Submission to NIST, 2019. https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/round-2/spec-doc-rnd2/ascon-spec-round2.pdf.
Ascon-Based Lightweight Cryptography Standards for Constrained Devices. Authenticated Encryption, Hash, and Extendable Output Functions [Electronic resource]. National Institute of Standards and Technology, 2025 (NIST Special Publication 800-232). https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-232.pdf
Christoph Dobraunig, Maria Eichlseder, Florian Mendel, and Martin Schläffer. Cryptanalysis of Ascon [Electronic resource]. Cryptology ePrint Archive, Report 2015/030, 2015. https://eprint.iacr.org/2015/030.pdf.







