Abstract

The Mixed Integer Linear Programming (MILP) technique has been widely applied in the realm of symmetric-key cryptanalysis. In this paper, we propose a new bitwise breakdown MILP modeling strategy for describing the linear propagation rules of modular addition-based operations. We apply such new techniques to cryptanalysis of the SNOW stream cipher family and find new linear masks: we use the MILP model to find many linear mask candidates among which the best ones are identified with particular algebraic bias evaluation techniques. For SNOW 3G, the correlation of the linear mask we found is the highest on record: such results are highly likely to be optimal according to our analysis. For SNOW 2.0, we find new masks matching the correlation record and many new sub-optimal masks applicable to improving correlation attacks. For SNOW-V/Vi, by investigating both bitwise and truncated linear masks, we find all linear masks having the highest correlation and prove the optimum of the corresponding truncated patterns under the “fewest active S-box preferred” strategy. By using the newly found linear masks, we give correlation attacks on the SNOW family with improved complexities. We emphasize that the newly proposed uniform MILP-aided framework can be potentially applied to analyze LFSR-FSM structures composed of modular addition and S-box as non-linear components.

中文翻译：

---

将 MILP 建模与线性掩模搜索的代数偏差评估相结合：改进对 SNOW 的快速相关攻击

摘要

混合整数线性规划（MILP）技术已广泛应用于对称密钥密码分析领域。在本文中，我们提出了一种新的按位分解 MILP 建模策略，用于描述基于模加法运算的线性传播规则。我们将此类新技术应用于 SNOW 流密码家族的密码分析，并找到新的线性掩码：我们使用 MILP 模型来查找许多线性掩码候选者，其中最好的掩码是通过特定的代数偏差评估技术来识别的。对于 SNOW 3G，我们发现的线性掩模的相关性是有记录以来最高的：根据我们的分析，这样的结果很可能是最佳的。对于SNOW 2.0，我们发现了与相关记录相匹配的新掩码，以及许多适用于改进相关攻击的新的次优掩码。对于SNOW-V/Vi，通过研究按位和截断线性掩模，我们发现所有线性掩模具有最高的相关性，并证明在“最少活跃S盒首选”策略下相应截断模式的最优性。通过使用新发现的线性掩模，我们对 SNOW 系列进行相关攻击，并提高了复杂性。我们强调，新提出的统一 MILP 辅助框架可以潜在地应用于分析由模加法和 S-box 作为非线性组件组成的 LFSR-FSM 结构。