International Association
for Cryptologic Research

At EUROCRYPT 2015, Todo proposed the division property. Since then, many researches about the division property had occurred in succession. Inspired by the bit-based division property on SIMON introduced by Todo and Morri at FSE 2016, we give a further understanding of bit-based division property and come up with a new method to reconsider the \textbf{Substitution} rule given by Todo. By integrating the method of division property with the concrete boolean function expressions of S-box, this new idea can help us trace the propagation of division property at the bit level and escape the tedious and direct application of the original propagation rules. Benefit from this fact, this method can be applied to find integral distinguishers for some bit-oriented block ciphers other than SIMON. Since this method replaces the \textbf{Substitution} rules with a subtle propagation table, we call it table-aided bit-based division property. In order to verify our new method, we apply it to find integral distinguishers for CipherFour. The experimental results indicate that the table-aided bit-based division property is indeed a valid and efficient tool to search for integral distinguishers for some bit-oriented block ciphers. To handle the huge memory complexity of utilizing this new method, we apply early reduce technique, which was proposed by Zhang and Wu at INDOCRYPT 2015. With the help early reduce technique, a 8-round higher-order integral distinguisher for RECTANGLE can be constructed, which attains one more round than the previous one proposed by the designers. For PRESENT, we can find new 5-round and 6-round integral distinguishers. As to SPONGENT-88, a new 14-round zero-sum distinguisher with data complexity $2^{80}$ can be found by combining our new method with previous techniques. The table-aided bit-based division property can also be applied to find integral distinguishers for some word-oriented block ciphers, like TWINE and LBlock. Although we do not find any new integral distinguishers for these two ciphers, we believe that considering the S-box at the bit level is of great importance even for a word-oriented block cipher.