MILP-Aided Security Evaluation of Differential Attacks on KCipher-2

Jin HOKI  Kosei SAKAMOTO  Fukang LIU  Kazuhiko MINEMATSU  Takanori ISOBE  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E104-A   No.1   pp.203-212
Publication Date: 2021/01/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.2020CIP0018
Type of Manuscript: Special Section PAPER (Special Section on Cryptography and Information Security)
stream cipher,  KCipher-2,  differential attack,  active S-box,  MILP,  

Full Text: PDF>>
Buy this Article

This paper investigates the security of KCipher-2 against differential attacks. We utilize an MILP-based method to evaluate the minimum number of active S-boxes in each round. We try to construct an accurate model to describe the 8-bit truncated difference propagation through the modular addition operation and the linear transformation of KCipher-2, respectively, which were omitted or simplified in the previous evaluation by Preneel et al. In our constructed model, the difference characteristics neglected in Preneel et al.'s evaluation can be taken into account and all valid differential characteristics can be covered. As a result, we reveal that the minimal number of active S-boxes is 25 over 15 rounds in the related IV setting and it is 17 over 24 rounds in the related IV-key setting. Therefore, this paper shows for the first time that KCipher-2 is secure against the related IV differential attack.