Integral Attacks on Some Lightweight Block Ciphers

At EUROCRYPT 2015, Todo proposed a new technique named division property, and it is a powerful technique to find integral distinguishers. The original division property is also named word-based division property. Later, Todo and Morii once again proposed a new technique named the bit-based division property at FSE 2016 and find more rounds integral distinguisher for SIMON-32. There are two basic approaches currently being adopted in researches under the bit-based division property. One is conventional bit-based division property (CBDP), the other is bit-based division property using three-subset (BDPT). Particularly, BDPT is more powerful than CBDP. In this paper, we use Boolean Satisfiability Problem (SAT)-aided cryptanalysis to search integral distinguishers. We conduct experiments on SIMON-32/-48/-64/-96, SIMON (102)-32/-48/-64, SIMECK-32/-48/-64, LBlock, GIFT and Khudra to prove the efficiency of our method. For SIMON (102)-32/-48/-64, we can determine some bits are odd, while these bits can only be determined as constant in the previous result. For GIFT, more balanced (zero-sum) bits can be found. For LBlock, we can find some other new integral distinguishers. For Khudra, we obtain two 9-round integral distinguishers. For other ciphers, we can find the same integral distinguishers as before.