International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Paper: Integral Cryptanalysis of WARP based on Monomial Prediction

Authors:
Hosein Hadipour , Graz University of Technology, Graz, Austria
Maria Eichlseder , Graz University of Technology, Graz, Austria
Download:
DOI: 10.46586/tosc.v2022.i2.92-112
URL: https://tosc.iacr.org/index.php/ToSC/article/view/9715
Search ePrint
Search Google
Abstract: WARP is a 128-bit block cipher published by Banik et al. at SAC 2020 as a lightweight alternative to AES. It is based on a generalized Feistel network and achieves the smallest area footprint among 128-bit block ciphers in many settings. Previous analysis results include integral key-recovery attacks on 21 out of 41 rounds. In this paper, we propose integral key-recovery attacks on up to 32 rounds by improving both the integral distinguisher and the key-recovery approach substantially. For the distinguisher, we show how to model the monomial prediction technique proposed by Hu et al. at ASIACRYPT 2020 as a SAT problem and thus create a bit-oriented model of WARP taking the key schedule into account. Together with two additional observations on the properties of WARP’s construction, we extend the best previous distinguisher by 2 rounds (as a classical integral distinguisher) or 4 rounds (for a generalized integral distinguisher). For the key recovery, we create a graph-based model of the round function and demonstrate how to manipulate the graph to obtain a cipher representation amenable to FFT-based key recovery.
BibTeX
@article{tosc-2022-32081,
  title={Integral Cryptanalysis of WARP based on Monomial Prediction},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universität Bochum},
  volume={2022, Issue 2},
  pages={92-112},
  url={https://tosc.iacr.org/index.php/ToSC/article/view/9715},
  doi={10.46586/tosc.v2022.i2.92-112},
  author={Hosein Hadipour and Maria Eichlseder},
  year=2022
}