Computing the Differential Probability of a Word-Based Block Cipheropen access
- Authors
- Kwon, Dawoon; Song, Junghwan
- Issue Date
- Jun-2025
- Publisher
- MDPI AG
- Keywords
- block cipher; differential cryptanalysis; differential probability; Midori64; SKINNY64; CRAFT; SAT solver; graph theory
- Citation
- Cryptography, v.9, no.2, pp 1 - 21
- Pages
- 21
- Indexed
- SCOPUS
ESCI
- Journal Title
- Cryptography
- Volume
- 9
- Number
- 2
- Start Page
- 1
- End Page
- 21
- URI
- https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/207974
- DOI
- 10.3390/cryptography9020042
- ISSN
- 2410-387X
2410-387X
- Abstract
- Differential cryptanalysis is one of the fundamental cryptanalysis techniques to evaluate the security of the block cipher. In many cases, resistance to differential cryptanalysis is proven through the upper bound of the differential characteristic probability, not the differential probability. Since the attacker uses a differential rather than a differential characteristic, resistance based on a differential characteristic tends to overestimate the security level of the block cipher. Such an overestimation is notably observed in lightweight block ciphers SKINNY, Midori, and CRAFT. In this paper, we examine the gap between the differential characteristics and the differential probability of lightweight block ciphers. We present practical methods for computing differential probability using a multistage graph. Using these methods, we count the exact number of maximum differential characteristics with fixed plaintext/ciphertext difference and activity pattern. By the exact number of maximum differential characteristics, we can calculate the probability that is closer to the real differential probability. In addition, by modifying the method, we compute a more accurate differential probability by considering the characteristics of the lower probability. We find differential distinguishers of 9-round Midori64 with probability 2-61.58, 9-round SKINNY64 with 2-58.67 and 14-round CRAFT with 2-60.32. Furthermore, we find a related-tweakey differential distinguisher of 11-round SKINNY64-64 with 2-55.93 and a related-tweak differential distinguisher of 17-round CRAFT with probability 2-63.37. Finally, we explain why these gaps are notable in Midori64, SKINNY64 and CRAFT by relating the S-box differential distribution table.
- Files in This Item
-
Go to Link
- Appears in
Collections - 서울 자연과학대학 > 서울 수학과 > 1. Journal Articles

Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.