轻量级分组密码算法 FBC 的积分分析

The block cipher FBC was designed by Feng et al. in 2018 at the National Cryptographic Algorithm Design Competition organized by the Chinese Association for Cryptologic Research (CACR). FBC has three variants: FBC128-128, FBC128-256, and FBC256-256. The cipher is known for its lightweight design, high security, and flexibility of implementation for both software and hardware. In this paper, integral distinguishers of FBC are searched based on the division property and MILP method. First, regarding the round function as a composition of basic operations, including S-box, copy, and XOR, the propagation of the division property can be described by linear inequalities, according to the propagation rules in basic operations. Second, with the linear inequalities as constraints, an MILP model is constructed to detect a lower bound of the maximum rounds of integral distinguishers, and an algorithm of determining the existence of an r-round integral distinguisher is proposed. Finally, 11-round and 14-round integral distinguishers of FBC128-128/256 and FBC256-256 are found respectively, both are superior to the best known results.