MILP‐based security evaluation for AEGIS/Tiaoxin‐346/Rocca
Abstract In this paper, the security of Advanced Encryption Standard‐based authenticated encryption schemes, including AEGIS family, Tiaoxin‐346, and Rocca by mixed integer linear programming tools is examined. Specifically, for the initialisation phase of AEGIS, Tiaoxin‐346, and Rocca, the security...
Main Authors: | , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
Hindawi-IET
2023-05-01
|
Series: | IET Information Security |
Subjects: | |
Online Access: | https://doi.org/10.1049/ise2.12109 |
_version_ | 1797420947304611840 |
---|---|
author | Takuro Shiraya Nobuyuki Takeuchi Kosei Sakamoto Takanori Isobe |
author_facet | Takuro Shiraya Nobuyuki Takeuchi Kosei Sakamoto Takanori Isobe |
author_sort | Takuro Shiraya |
collection | DOAJ |
description | Abstract In this paper, the security of Advanced Encryption Standard‐based authenticated encryption schemes, including AEGIS family, Tiaoxin‐346, and Rocca by mixed integer linear programming tools is examined. Specifically, for the initialisation phase of AEGIS, Tiaoxin‐346, and Rocca, the security against differential attacks and integral attacks is evaluated by estimating the lower bounds for the number of active S‐boxes and utilising division property, respectively. In addition to the estimations of initialisation phases, the security of the encryption phases of AEGIS, Tiaoxin‐346, and Rocca against distinguishing attacks on keystream is evaluated by exploiting integral properties. As a result, the authors show that the initialisation phases of AEGIS‐128/128L/256, Tiaoxin‐346, and Rocca are secure against differential attacks after 4/3/6, 5, and 6 rounds, respectively. Regarding integral attacks, the distinguisher is found on 6/6/7, 15, and 7 rounds in the initialisation phases of AEGIS‐128/128L/256, Tiaoxin‐346, and Rocca, respectively. Additionally, the integral distinguisher is presented on 2/2/4, 4, and 4 rounds in the encryption phases of AEGIS‐128/128L/256, Tiaoxin‐346, and Rocca, respectively. As far as it is known, this study’s results are the first distinguishing attacks on the keystream on AEGIS, Tiaoxin‐346, and Rocca without relying on weak keys. |
first_indexed | 2024-03-09T07:09:50Z |
format | Article |
id | doaj.art-ea19c1221d8f4093a52907db7a748b09 |
institution | Directory Open Access Journal |
issn | 1751-8709 1751-8717 |
language | English |
last_indexed | 2024-03-09T07:09:50Z |
publishDate | 2023-05-01 |
publisher | Hindawi-IET |
record_format | Article |
series | IET Information Security |
spelling | doaj.art-ea19c1221d8f4093a52907db7a748b092023-12-03T09:15:33ZengHindawi-IETIET Information Security1751-87091751-87172023-05-0117345846710.1049/ise2.12109MILP‐based security evaluation for AEGIS/Tiaoxin‐346/RoccaTakuro Shiraya0Nobuyuki Takeuchi1Kosei Sakamoto2Takanori Isobe3Univercity of Hyogo Kobe Hyogo JapanUnivercity of Hyogo Kobe Hyogo JapanUnivercity of Hyogo Kobe Hyogo JapanUnivercity of Hyogo Kobe Hyogo JapanAbstract In this paper, the security of Advanced Encryption Standard‐based authenticated encryption schemes, including AEGIS family, Tiaoxin‐346, and Rocca by mixed integer linear programming tools is examined. Specifically, for the initialisation phase of AEGIS, Tiaoxin‐346, and Rocca, the security against differential attacks and integral attacks is evaluated by estimating the lower bounds for the number of active S‐boxes and utilising division property, respectively. In addition to the estimations of initialisation phases, the security of the encryption phases of AEGIS, Tiaoxin‐346, and Rocca against distinguishing attacks on keystream is evaluated by exploiting integral properties. As a result, the authors show that the initialisation phases of AEGIS‐128/128L/256, Tiaoxin‐346, and Rocca are secure against differential attacks after 4/3/6, 5, and 6 rounds, respectively. Regarding integral attacks, the distinguisher is found on 6/6/7, 15, and 7 rounds in the initialisation phases of AEGIS‐128/128L/256, Tiaoxin‐346, and Rocca, respectively. Additionally, the integral distinguisher is presented on 2/2/4, 4, and 4 rounds in the encryption phases of AEGIS‐128/128L/256, Tiaoxin‐346, and Rocca, respectively. As far as it is known, this study’s results are the first distinguishing attacks on the keystream on AEGIS, Tiaoxin‐346, and Rocca without relying on weak keys.https://doi.org/10.1049/ise2.12109cryptographysecurity |
spellingShingle | Takuro Shiraya Nobuyuki Takeuchi Kosei Sakamoto Takanori Isobe MILP‐based security evaluation for AEGIS/Tiaoxin‐346/Rocca IET Information Security cryptography security |
title | MILP‐based security evaluation for AEGIS/Tiaoxin‐346/Rocca |
title_full | MILP‐based security evaluation for AEGIS/Tiaoxin‐346/Rocca |
title_fullStr | MILP‐based security evaluation for AEGIS/Tiaoxin‐346/Rocca |
title_full_unstemmed | MILP‐based security evaluation for AEGIS/Tiaoxin‐346/Rocca |
title_short | MILP‐based security evaluation for AEGIS/Tiaoxin‐346/Rocca |
title_sort | milp based security evaluation for aegis tiaoxin 346 rocca |
topic | cryptography security |
url | https://doi.org/10.1049/ise2.12109 |
work_keys_str_mv | AT takuroshiraya milpbasedsecurityevaluationforaegistiaoxin346rocca AT nobuyukitakeuchi milpbasedsecurityevaluationforaegistiaoxin346rocca AT koseisakamoto milpbasedsecurityevaluationforaegistiaoxin346rocca AT takanoriisobe milpbasedsecurityevaluationforaegistiaoxin346rocca |