International Association for Cryptologic Research

CryptoDB

Integral Cryptanalysis of WARP based on Monomial Prediction

Authors:
Hosein Hadipour, Graz University of Technology, Graz, Austria
Maria Eichlseder, Graz University of Technology, Graz, Austria
Download:
DOI: 10.46586/tosc.v2022.i2.92-112
URL: https://tosc.iacr.org/index.php/ToSC/article/view/9715
Abstract: WARP is a 128-bit block cipher published by Banik et al. at SAC 2020 as a lightweight alternative to AES. It is based on a generalized Feistel network and achieves the smallest area footprint among 128-bit block ciphers in many settings. Previous analysis results include integral key-recovery attacks on 21 out of 41 rounds. In this paper, we propose integral key-recovery attacks on up to 32 rounds by improving both the integral distinguisher and the key-recovery approach substantially. For the distinguisher, we show how to model the monomial prediction technique proposed by Hu et al. at ASIACRYPT 2020 as a SAT problem and thus create a bit-oriented model of WARP taking the key schedule into account. Together with two additional observations on the properties of WARP’s construction, we extend the best previous distinguisher by 2 rounds (as a classical integral distinguisher) or 4 rounds (for a generalized integral distinguisher). For the key recovery, we create a graph-based model of the round function and demonstrate how to manipulate the graph to obtain a cipher representation amenable to FFT-based key recovery.
BibTeX
@article{tosc-2022-32081,
  title={Integral Cryptanalysis of WARP based on Monomial Prediction},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universität Bochum},
  volume={2022, Issue 2},
  pages={92-112},
  url={https://tosc.iacr.org/index.php/ToSC/article/view/9715},
  doi={10.46586/tosc.v2022.i2.92-112},
  author={Hosein Hadipour and Maria Eichlseder},
  year=2022
}