MILP-aided bit-based division property for primitives with non-bit-permutation linear layers

摘要

In this study, the authors settle the feasibility of mixed integer linear programming (MILP)-aided bit-based division property for ciphers with non-bit-permutation linear layers. First, they transform the complicated linear layers to their primitive representations. Then, the original Copy and exclusive OR models are generalised, and these models are exploited to depict the primitive representations. Accord- ingly, the MILP-aided bit-based division property can be applied to much more primitives with complicated linear layers. As an illus- tration, they rst evaluate the bit-based division properties of some word-oriented block ciphers. For Midori64, they obtain a 7-round integral distinguisher, which achieves one more round than the previous results. At the same time, the data requirements of some existing distinguishers are also reduced. They decrease the data complexities of 4-round and 5-round distinguishers for LED and Joltik-BC by half. Then, the bit-based division properties of some bit-oriented ciphers such as Serpent and Noekeon are considered. The data complexities of their distinguishers for short rounds are reduced. Besides, they evaluate the bit-based division properties of the internal permutations in some hash functions. An 18-round zero-sum distinguisher for SPONGENT-88 is proposed, which achieves four more rounds than the previous ones. Some integral distinguishers for PHOTON permutations are improved.