A CP-based automatic tool for instantiating truncated differential characteristics
In Progress in cryptology – INDOCRYPT 2023
Abstract An important criteria to assert the security of a cryptographic primitive is its resistance against differential cryptanalysis. For word-oriented primitives, a common technique to determine the number of rounds required to ensure the immunity against differential distinguishers is to consider truncated differential characteristics and to count the number of active S-boxes. Doing so allows to provide an upper bound on the probability of the best differential characteristic with a reduced computational cost.