Toolkit for Counting Active S-boxes using Mixed-Integer Linear Programming (MILP)
- Author: Nicky Mouha
- Download: http://www.ecrypt.eu.org/tools/uploads/sbox-milp.zip
- Documentation: http://www.cosic.esat.kuleuven.be/publications/article-2080.pdf
This toolkit can be used to prove the security of cryptographic ciphers against linear and differential cryptanalysis. The toolkit generates a Mixed-Integer Linear Programming (MILP) problem which counts the minimum number of (linearly or differentially) active S-boxes for a given cipher. Currently, AES and xAES are implemented (both in the single-key and related-key setting), as well as Enocoro-128v2 (in the related-key setting). The technique is very general, and can be adapted to other ciphers with little effort.