A New Method To Find All The High-Probability Word-Oriented Truncated Differentials: Application To Midori, SKINNY And CRAFT

Abstract This paper proposes a new method to find high-probability truncated differentials using matrix muliplication. For Markov cipher with similar round function, suppose that the transition probability matrix of round function is $\mathcal{D}$, then $\mathcal{D}^{r}$ contains all the differential probabilities of an $r$-round block cipher. To reduce the matrix dimension, we consider the word-oriented truncated differential and the truncated transition probability matrix $\mathcal{T}$. Regardless of the effect of the $S$-box, we focus on whether there is a non-zero difference on one cell instead of the value of the difference. In this case, the matrix dimension reduces significantly and we can calculate $\mathcal{T}^{r}$ using a workstation. Then all the $r$-round truncated differential probabilities can be found from $\mathcal{T}^{r}$. And the probability in $\mathcal{T}^{r}$ is the probability of the whole truncated differential hull but not a single or several truncated differential characteristics. Besides, we make a more accurate probability estimation of the truncated differential of lightweight block cipher. Combined with the truncated differential hull, we found some longer truncated differential distinguishers. And as $\mathcal{T}^{r}$ stores all the truncated differential probabilities, we can also find all the impossible truncated differentials.