Research Article
SAT-Based Security Evaluation for WARP against Linear Cryptanalysis
Algorithm 1
The SAT model for searching the linear trails with optimal correlation/lower bound for the number of active Sboxes of WARP
| Input:-round, predefined threshold of the correlation (the number of active Sboxes ), | | (). | | Output: If (), return a linear trail with optimal correlation (lower bound for the number of active Sboxes). | | 1: /Step 1: Construct the SAT model./ | | 2: For to do | | 3: For to 32 do | | 4: Add the constraints in Equation (4) to describe the mask propagations of three-fork branching. | | 5: If : | | 6: If : | | 7: Add the constraints in Table 6 to describe the mask propagations of Sbox with correlations. | | 8: If : | | 9: Add the constraints in Table 7 to describe the mask propagations of the activeness of Sbox. | | 10: Add the constaints in Equation (5) to describe the mask propagations of XOR operation and operation. | | 11: / Step 2: Find a linear trail./ | | 12: If then | | 13: , set the objective function to Equation (9). | | 14: If then | | 15: , set the objective function to Equation (8). | | 16: For to do | | 17: Add the constraints to describe the objective function. | | 18: Invoke the solver to solve the model. | | 19: If solver finds a solution then | | 20: Return the -round linear trail. | | 21: Else | | 22: . |
|
