## Abstract

A central problem in cryptanalysis is to find all the significant deviations from randomness in a given n-bit cryptographic primitive. When n is small (e.g., an 8-bit S-box), this is easy to do, but for large n, the only practical way to find such statistical properties was to exploit the internal structure of the primitive and to speed up the search with a variety of heuristic rules of thumb. However, such bottom-up techniques can miss many properties, especially in cryptosystems which are designed to have hidden trapdoors. In this paper we consider the top-down version of the problem in which the cryptographic primitive is given as a structureless black box, and reduce the complexity of the best known techniques for finding all its significant differential and linear properties by a large factor of 2 ^{n}^{/}^{2}. Our main new tool is the idea of using surrogate differentiation. In the context of finding differential properties, it enables us to simultaneously find information about all the differentials of the form f(x) ⊕ f(x⊕ α) in all possible directions α by differentiating f in a single randomly chosen direction γ (which is unrelated to the α ’s). In the context of finding linear properties, surrogate differentiation can be combined in a highly effective way with the Fast Fourier Transform. For 64-bit cryptographic primitives, this technique makes it possible to automatically find in about 2 ^{64} time all their differentials with probability p≥ 2 ^{- 32} and all their linear approximations with bias | p| ≥ 2 ^{- 16} (using 2 ^{64} memory); previous algorithms for these problems required at least 2 ^{96} time. Similar techniques can be used to significantly improve the best known time complexities of finding related key differentials, second-order differentials, and boomerangs. In addition, we show how to run variants of these algorithms which require no memory, and how to detect such statistical properties even in trapdoored cryptosystems whose designers specifically try to evade our techniques.

Original language | English |
---|---|

Title of host publication | Advances in Cryptology – EUROCRYPT 2023 - 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2023, Proceedings |

Editors | Carmit Hazay, Martijn Stam |

Publisher | Springer Science and Business Media Deutschland GmbH |

Pages | 98-127 |

Number of pages | 30 |

ISBN (Print) | 9783031306334 |

DOIs | |

State | Published - 2023 |

Event | 42nd Annual International Conference on Theory and Applications of Cryptographic Techniques, EUROCRYPT 2023 - Lyon, France Duration: 23 Apr 2023 → 27 Apr 2023 |

### Publication series

Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|

Volume | 14007 LNCS |

ISSN (Print) | 0302-9743 |

ISSN (Electronic) | 1611-3349 |

### Conference

Conference | 42nd Annual International Conference on Theory and Applications of Cryptographic Techniques, EUROCRYPT 2023 |
---|---|

Country/Territory | France |

City | Lyon |

Period | 23/04/23 → 27/04/23 |