Automatic Generation of Declarative Models For Differential Cryptanalysis

Authors Luc Libralesso, François Delobel, Pascal Lafourcade, Christine Solnon

Thumbnail PDF


  • Filesize: 1.09 MB
  • 18 pages

Document Identifiers

Author Details

Luc Libralesso
  • LIMOS, CNRS UMR 6158, University Clermont Auvergne, Aubière, France
François Delobel
  • LIMOS, CNRS UMR 6158, University Clermont Auvergne, Aubière, France
Pascal Lafourcade
  • LIMOS, CNRS UMR 6158, University Clermont Auvergne, Aubière, France
Christine Solnon
  • INSA Lyon, CITI, INRIA CHROMA, F-69621 Villeurbanne, France

Cite AsGet BibTex

Luc Libralesso, François Delobel, Pascal Lafourcade, and Christine Solnon. Automatic Generation of Declarative Models For Differential Cryptanalysis. In 27th International Conference on Principles and Practice of Constraint Programming (CP 2021). Leibniz International Proceedings in Informatics (LIPIcs), Volume 210, pp. 40:1-40:18, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2021)


When designing a new symmetric block cipher, it is necessary to evaluate its robustness against differential attacks. This is done by computing Truncated Differential Characteristics (TDCs) that provide bounds on the complexity of these attacks. TDCs are often computed by using declarative approaches such as CP (Constraint Programming), SAT, or ILP (Integer Linear Programming). However, designing accurate and efficient models for these solvers is a difficult, error-prone and time-consuming task, and it requires advanced skills on both symmetric cryptography and solvers. In this paper, we describe a tool for automatically generating these models, called Tagada (Tool for Automatic Generation of Abstraction-based Differential Attacks). The input of Tagada is an operational description of the cipher by means of black-box operators and bipartite Directed Acyclic Graphs (DAGs). Given this description, we show how to automatically generate constraints that model operator semantics, and how to generate MiniZinc models. We experimentally evaluate our approach on two different kinds of differential attacks (e.g., single-key and related-key) and four different symmetric block ciphers (e.g., the AES (Advanced Encryption Standard), Craft, Midori, and Skinny). We show that our automatically generated models are competitive with state-of-the-art approaches. These automatically generated models constitute a new benchmark composed of eight optimization problems and eight enumeration problems, with instances of increasing size in each problem. We experimentally compare CP, SAT, and ILP solvers on this new benchmark.

Subject Classification

ACM Subject Classification
  • Security and privacy → Cryptanalysis and other attacks
  • Constraint Programming
  • SAT
  • ILP
  • Differential Cryptanalysis


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads


  1. S. Banik, A. Bogdanov, T. Isobe, K. Shibutani, H. Hiwatari, T. Akishita, and F. Regazzoni. Midori: A block cipher for low energy. In ASIACRYPT, volume 9453 of LNCS, pages 411-436. Springer, 2015. Google Scholar
  2. Subhadeep Banik, Sumit Kumar Pandey, Thomas Peyrin, Yu Sasaki, Siang Meng Sim, and Yosuke Todo. Gift: a small present. In International Conference on Cryptographic Hardware and Embedded Systems, pages 321-345. Springer, 2017. Google Scholar
  3. Ray Beaulieu, Stefan Treatman-Clark, Douglas Shors, Bryan Weeks, Jason Smith, and Louis Wingers. The simon and speck lightweight block ciphers. In 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC), pages 1-6. IEEE, 2015. Google Scholar
  4. Christof Beierle, Jérémy Jean, Stefan Kölbl, Gregor Leander, Amir Moradi, Thomas Peyrin, Yu Sasaki, Pascal Sasdrich, and Siang Meng Sim. The SKINNY family of block ciphers and its low-latency variant MANTIS. In CRYPTO 2016 - 36th Annual International Cryptology Conference, volume 9815 of Lecture Notes in Computer Science, pages 123-153. Springer, 2016. Google Scholar
  5. Christof Beierle, Gregor Leander, Amir Moradi, and Shahram Rasoolzadeh. Craft: Lightweight tweakable block cipher with efficient protection against dfa attacks. IACR Transactions on Symmetric Cryptology, 2019(1):5-45, 2019. Google Scholar
  6. E. Biham and A. Shamir. Differential cryptoanalysis of feal and n-hash. In EUROCRYPT, volume 547 of LNCS, pages 1-16. Springer, 1991. Google Scholar
  7. A. Biryukov and I. Nikolic. Automatic search for related-key differential characteristics in byte-oriented block ciphers: Application to AES, camellia, khazad and others. In Advances in Cryptology, LNCS 6110, pages 322-344. Springer, 2010. Google Scholar
  8. Andrey Bogdanov, Lars R Knudsen, Gregor Leander, Christof Paar, Axel Poschmann, Matthew JB Robshaw, Yannick Seurin, and Charlotte Vikkelsoe. Present: An ultra-lightweight block cipher. In International workshop on cryptographic hardware and embedded systems, pages 450-466. Springer, 2007. Google Scholar
  9. Geoffrey Chu and Peter J. Stuckey. Chuffed solver description, 2014. Available at URL:
  10. Carlos Cid, Tao Huang, Thomas Peyrin, Yu Sasaki, and Ling Song. A security analysis of deoxys and its internal tweakable block ciphers. IACR Trans. Symmetric Cryptol., 2017(3):73-107, 2017. Google Scholar
  11. Stéphanie Delaune, Patrick Derbez, Paul Huynh, Marine Minier, Victor Mollimard, and Charles Prud'homme. SKINNY with scalpel - comparing tools for differential analysis. IACR Cryptol. ePrint Arch., 2020:1402, 2020. Google Scholar
  12. FIPS 197. Advanced Encryption Standard. Federal Information Processing Standards Publication 197, 2001. U.S. Department of Commerce/N.I.S.T. Google Scholar
  13. P. Fouque, J. Jean, and T. Peyrin. Structural evaluation of AES and chosen-key distinguisher of 9-round AES-128. In Advances in Cryptology - CRYPTO 2013 - Part I, volume 8042 of LNCS, pages 183-203. Springer, 2013. Google Scholar
  14. D. Gérault. Security Analysis of Contactless Communication Protocols. PhD thesis, Université Clermont Auvergne, 2018. Google Scholar
  15. D. Gérault and P. Lafourcade. Related-key cryptanalysis of midori. In INDOCRYPT, volume 10095 of LNCS, pages 287-304, 2016. Google Scholar
  16. D. Gerault, P. Lafourcade, M. Minier, and C. Solnon. Computing AES related-key differential characteristics with constraint programming. Artif. Intell., 278, 2020. Google Scholar
  17. D. Gérault, M. Minier, and C. Solnon. Constraint programming models for chosen key differential cryptanalysis. In CP, volume 9892 of LNCS, pages 584-601. Springer, 2016. Google Scholar
  18. Hosein Hadipour, Sadegh Sadeghi, Majid M Niknam, Ling Song, and Nasour Bagheri. Comprehensive security analysis of craft. IACR Transactions on Symmetric Cryptology, pages 290-317, 2019. Google Scholar
  19. Jérémy Jean, Ivica Nikolic, Thomas Peyrin, and Yannick Seurin. Deoxys v1. 41. Submitted to CAESAR, 2016. Google Scholar
  20. L. Knudsen. Truncated and higher order differentials. In Fast Software Encryption, pages 196-211. Springer, 1995. Google Scholar
  21. Nicholas Nethercote, Peter J. Stuckey, Ralph Becket, Sebastian Brand, Gregory J. Duck, and Guido Tack. Minizinc: Towards a standard CP modelling language. In Principles and Practice of Constraint Programming - CP 2007, volume 4741 of LNCS, pages 529-543. Springer, 2007. Google Scholar
  22. Gurobi Optimization. Gurobi optimizer reference manual, 2018. URL:
  23. L. Rouquette and C. Solnon. abstractXOR: A global constraint dedicated to differential cryptanalysis. In 26th International Conference on Principles and Practice of Constraint Programming, volume 12333 of LNCS, pages 566-584, Louvain-la-Neuve, Belgium, 2020. Springer. Google Scholar
  24. CE Shannon. Communication theory of secrecy systems, bell systems tech. Bell System Technical Journal, 28:656-715, 1949. Google Scholar
  25. R. Singleton. Maximum distance q-nary codes. IEEE Trans. Inf. Theor., 10(2):116-118, 2006. URL:
  26. Boxin Zhao, Xiaoyang Dong, and Keting Jia. New related-tweakey boomerang and rectangle attacks on deoxys-bc including bdt effect. IACR Transactions on Symmetric Cryptology, pages 121-151, 2019. Google Scholar
  27. N.-F. Zhou, H. Kjellerstrand, and J. Fruhman. Constraint Solving and Planning with Picat. Springer, 2015. Google Scholar
Questions / Remarks / Feedback

Feedback for Dagstuhl Publishing

Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail