Unveiling the Neutral Difference and Its Automated Search

Abstract

Given a differential characteristic and an existing plaintext pair that satisfies it (referred to as a right pair), generating additional right pairs at a reduced cost is an appealing prospect. The neutral bit technique, referred to as neutral differences throughout this paper, provides a solution to this challenge. Traditionally, the search for neutral differences has heavily depended on experimental testing, leading to limitations in the search range. In this work, we propose the neutral difference table and establish a link between boomerang cryptanalysis and neutral differences. Furthermore, we propose an automated search for neutral differences to address the problem of a limited search range of neutral differences, as previous approaches relied on experimental testing. This approach provides a basis for the subspace spanned by the neutral differences, and we apply this technique to both SPECK32 and LEA, where the predicted results closely match the experimental ones. Consequently, we present the improved differential-linear distinguishers for SPECK32 and LEA, along with the 18-round attacks on LEA192 and LEA256 with the lowest time complexity up to date.