Katholieke Universiteit Leuven
Differential and linear cryptanalysis is two of the most powerful techniques to analyze symmetric-key primitives. For modern ciphers, resistance against these attacks is therefore a mandatory design criterion. In this paper, the authors propose a novel technique to prove security bounds against both differential and linear cryptanalysis. They use Mixed-Integer Linear Programming (MILP), a method that is frequently used in business and economics to solve optimization problems. Their technique significantly reduces the workload of designers and cryptanalysts, because it only involves writing out simple equations that are input into an MILP solver.