A New MILP Model for Matrix Multiplications with Applications to KLEIN and PRINCE

Abstract

Mixed integer linear programming (MILP) models are applied extensively in the field of cryptanalysis. Finding the minimum number of active S-boxes and the best differential characteristic in a differential attack are two main problems examined using the MILP approach. In this study, KLEIN and PRINCE block ciphers are modeled with MILP to search for an exact solution to these problems. Both ciphers contain matrix multiplication operations, which can be calculated using multiple xor operations. The standard MILP model for multiple xors increases the number of variables significantly, which extends the solution time. In this work, an alternative xor model is proposed using fewer variables than the standard xor model. The new model is much more efficient in terms of the number of variables involved and the execution time. Using the new model, we analyze the differential properties of KLEIN and PRINCE. We obtain the exact minimum number of active S-boxes of these ciphers with full rounds and also discover the best differential characteristics for various numbers of rounds. For KLEIN and PRINCE ciphers we achieve the best single differential characteristic of probability 2(-56). These results improve the best single-key differential attacks on these ciphers in the literature.