{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,5]],"date-time":"2025-11-05T08:58:31Z","timestamp":1762333111811,"version":"build-2065373602"},"reference-count":25,"publisher":"Institution of Engineering and Technology (IET)","issue":"1","license":[{"start":{"date-parts":[[2024,9,30]],"date-time":"2024-09-30T00:00:00Z","timestamp":1727654400000},"content-version":"vor","delay-in-days":273,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62202494"],"award-info":[{"award-number":["62202494"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["ietresearch.onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["IET Information Security"],"published-print":{"date-parts":[[2024,1]]},"abstract":"<jats:p>Reflection structure has a significant advantage that realizing decryption and encryption results in minimum additional costs, and many block ciphers tend to adopt such structure to achieve the requirement of low overhead. PRINCE, MANTIS, QARMA, and PRINCEv2 are lightweight block ciphers with reflection feature proposed in recent years. In this paper, we consider the automatic differential cryptanalysis of reflection block ciphers based on Boolean satisfiability (SAT) method. Since reflection block ciphers have different round functions, we extend forward and backward from the middle structure and achieve to accelerate the search of the optimal differential characteristics for such block ciphers with the Matsui\u2019s bounding conditions. As a result, we present the optimal differential characteristics for PRINCE up to 12 rounds (full round), and they are also the optimal characteristics for PRINCEv2. We also find the optimal differential characteristics for MANTIS, QARMA\u201064, and QARMA\u2010128 up to 10, 12, and 8 rounds, respectively. To mount an efficient differential attack on such block ciphers, we present a uniform SAT model by combining the differential characteristic searching process and the key recovery process. With this model, we find two sets of 7\u2010round differential characteristics for PRINCE with less guessed key bits and use them to present a multiple differential attack against 11\u2010round PRINCE, which improves the known single\u2010key attack on PRINCE by one round to our knowledge.<\/jats:p>","DOI":"10.1049\/2024\/5574862","type":"journal-article","created":{"date-parts":[[2024,9,30]],"date-time":"2024-09-30T04:20:11Z","timestamp":1727670011000},"update-policy":"https:\/\/doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Automatic Search of Differential Characteristics and Improved Differential Cryptanalysis for PRINCE, QARMA, and MANTIS"],"prefix":"10.1049","volume":"2024","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-4543-1829","authenticated-orcid":false,"given":"Yaxin","family":"Cui","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5461-0697","authenticated-orcid":false,"given":"Hong","family":"Xu","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3421-5790","authenticated-orcid":false,"given":"Lin","family":"Tan","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3031-4719","authenticated-orcid":false,"given":"Wenfeng","family":"Qi","sequence":"additional","affiliation":[]}],"member":"265","published-online":{"date-parts":[[2024,9,30]]},"reference":[{"key":"e_1_2_11_1_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-34961-4_14"},{"key":"e_1_2_11_2_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-53008-5_5"},{"key":"e_1_2_11_3_2","doi-asserted-by":"publisher","DOI":"10.46586\/tosc.v2017.i1.4-44"},{"key":"e_1_2_11_4_2","series-title":"Lecture Notes in Computer Science","first-page":"483","volume-title":"Selected Areas in Cryptography","author":"Bozilov D.","year":"2020"},{"key":"e_1_2_11_5_2","series-title":"Lecture Notes in Computer Science","first-page":"591","volume-title":"Fast Software Encryption","author":"Canteaut A.","year":"2014"},{"key":"e_1_2_11_6_2","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-020-09345-0"},{"key":"e_1_2_11_7_2","first-page":"248","article-title":"Practical key-recovery attack on MANTIS5","volume":"2016","author":"Dobraunig C.","year":"2016","journal-title":"IACR Transactions on Symmetric Cryptology"},{"key":"e_1_2_11_8_2","doi-asserted-by":"publisher","DOI":"10.46586\/tosc.v2018.i2.111-132"},{"key":"e_1_2_11_9_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11432-018-9658-0"},{"key":"e_1_2_11_10_2","doi-asserted-by":"publisher","DOI":"10.46586\/tosc.v2019.i1.236-263"},{"key":"e_1_2_11_11_2","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/bxy045"},{"key":"e_1_2_11_12_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2946638"},{"key":"e_1_2_11_13_2","unstructured":"MouhaN.andPreneelB. Towards finding optimal differential characteristics for arx: application to salsa20 2013 Cryptology ePrint Archive."},{"key":"e_1_2_11_14_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-47989-6_8"},{"key":"e_1_2_11_15_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11432-018-9772-0"},{"key":"e_1_2_11_16_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-45611-8_9"},{"key":"e_1_2_11_17_2","unstructured":"SunS. HuL. WangM. WangP. QiaoK. MaX. ShiD. SongL. andFuK. Towards finding the best characteristics of some bit-oriented block ciphers and automatic enumeration of (related-key) differential and linear characteristics with predefined properties 2014 Cryptology ePrint Archive Paper 2014\/747."},{"key":"e_1_2_11_18_2","doi-asserted-by":"publisher","DOI":"10.46586\/tosc.v2021.i1.269-315"},{"key":"e_1_2_11_19_2","doi-asserted-by":"crossref","unstructured":"IlterM. B.andSel\u00e7ukA. A. A new MILP model for matrix multiplications with applications to KLEIN and PRINCE Proceedings of the 18th International Conference on Security and Cryptography SECRYPT 2021 2021 SCITEPRESS 420\u2013427.","DOI":"10.5220\/0010519500002998"},{"key":"e_1_2_11_20_2","first-page":"1041","article-title":"Impossible differential analysis on round-reduced PRINCE","volume":"33","author":"Ding Y.-L.","year":"2017","journal-title":"Journal of Information Science and Engineering"},{"key":"e_1_2_11_21_2","doi-asserted-by":"publisher","DOI":"10.1049\/iet-ifs.2015.0432"},{"key":"e_1_2_11_22_2","unstructured":"LiL. JiaK. andWangX. Improved meet-in-the-middle attacks on AES-192 and PRINCE 2013 Cryptology ePrint Archive."},{"key":"e_1_2_11_23_2","doi-asserted-by":"publisher","DOI":"10.46586\/tosc.v2018.i3.93-123"},{"key":"e_1_2_11_24_2","doi-asserted-by":"publisher","DOI":"10.46586\/tosc.v2021.i2.249-291"},{"key":"e_1_2_11_25_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-21702-9_3"}],"container-title":["IET Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/ietresearch.onlinelibrary.wiley.com\/doi\/pdf\/10.1049\/2024\/5574862","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,5]],"date-time":"2025-11-05T08:55:17Z","timestamp":1762332917000},"score":1,"resource":{"primary":{"URL":"https:\/\/ietresearch.onlinelibrary.wiley.com\/doi\/10.1049\/2024\/5574862"}},"subtitle":[],"editor":[{"given":"Qichun","family":"Wang","sequence":"additional","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2024,1]]},"references-count":25,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2024,1]]}},"alternative-id":["10.1049\/2024\/5574862"],"URL":"https:\/\/doi.org\/10.1049\/2024\/5574862","archive":["Portico"],"relation":{},"ISSN":["1751-8709","1751-8717"],"issn-type":[{"type":"print","value":"1751-8709"},{"type":"electronic","value":"1751-8717"}],"subject":[],"published":{"date-parts":[[2024,1]]},"assertion":[{"value":"2023-06-12","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-09-14","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-09-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"5574862"}}