Open AccessNew method to describe the differential distribution table for large S‐boxes in MILP and its application
Author(s) -
Li LingChen,
Wu WenLing,
Zhang Lei,
Zheng YaFei
Publication year - 2019
Publication title -
iet information security
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.308
H-Index - 34
eISSN - 1751-8717
pISSN - 1751-8709
DOI - 10.1049/iet-ifs.2018.5284
Subject(s) - table (database) , differential (mechanical device) , computer science , mathematics , distribution (mathematics) , algorithm , mathematical optimization , data mining , mathematical analysis , physics , thermodynamics
Based on the method of the H‐representation of the convex hull, the linear inequalities of all possible differential patterns of 4‐bit S‐boxes in the mix integer linear programming (MILP) model can be generated easily by the SAGE software. Whereas this method cannot be apply to 8‐bit S‐boxes. In this study, the authors propose a new method to obtain the inequalities for large S‐boxes with the coefficients belonging to integer. The relationship between the coefficients of the inequalities and the corresponding excluded impossible differential patterns is obtained. As a result, the number of inequalities can be lower than 4000 for the AES S‐box. Then, the new method for finding the best probability of the differential characteristics of 4–15 rounds SM4 in the single‐key setting is presented. Especially, the authors found that the 15‐round SM4 exists four differential characteristics with 12 active S‐boxes. The exact lower bound of the number of differentially active S‐boxes of the 16‐round SM4 is 15. The authors also found eight differential characteristics of the 19‐round SM4 with the probability 2 − 124 .