Integral Cryptanalysis Using Algebraic Transition Matrices

Authors

  • Tim Beyne, COSIC, KU Leuven, Leuven, Belgium
  • Michiel Verbauwhede, COSIC, KU Leuven, Leuven, Belgium

DOI:

https://doi.org/10.46586/tosc.v2023.i4.244-269

Keywords:

Integral Cryptanalysis, Division Property, Nonlinear Invariants, ANF, Change-of-Basis, Algebraic Transition Matrices

Abstract

In this work we introduce algebraic transition matrices as the basis for a new approach to integral cryptanalysis that unifies monomial trails (Hu et al., Asiacrypt 2020) and parity sets (Boura and Canteaut, Crypto 2016). Algebraic transition matrices allow for the computation of the algebraic normal form of a primitive based on the algebraic normal forms of its components by means of well-understood operations from linear algebra. The theory of algebraic transition matrices leads to better insight into the relation between integral properties of F and F⁻¹. In addition, we show that the link between invariants and eigenvectors of correlation matrices (Beyne, Asiacrypt 2018) carries over to algebraic transition matrices. Finally, algebraic transition matrices suggest a generalized definition of integral properties that subsumes previous notions such as extended division properties (Lambin, Derbez and Fouque, DCC 2020). On the practical side, a new algorithm is described to search for these generalized properties and applied to Present, resulting in new properties. The algorithm can be instantiated with any existing automated search method for integral cryptanalysis.

Published

2023-12-08

Section

Articles

How to Cite

Integral Cryptanalysis Using Algebraic Transition Matrices. (2023). IACR Transactions on Symmetric Cryptology, 2023(4), 244-269. https://doi.org/10.46586/tosc.v2023.i4.244-269