%0 Journal Article
%A LIU Zongfu
%A YUAN Zheng
%A ZHAO Chenxi
%A ZHU Liang
%T Integral attack on PICO algorithm based on division property
%D 2020
%R 10.11772/j.issn.1001-9081.2019122228
%J Journal of Computer Applications
%P 2967-2972
%V 40
%N 10
%X PICO proposed in recent years is a bit-based ultra lightweight block cipher algorithm. The security of this algorithm to resist integral cryptanalysis was evaluated. Firstly, by analyzing the structure of PICO cipher algorithm, a Mixed-Integer Linear Programming (MILP) model of the algorithm was established based on division property. Then, according to the set constraints, the linear inequalities were generated to describe the propagation rules of division property, and the MILP problem was solved with the help of the mathematical software, the success of constructing the integral distinguisher was judged based on the objective function value. Finally, the automatic search of integral distinguisher of PICO algorithm was realized. Experimental results showed that, the 10-round integral distinguisher of PICO algorithm was searched, which is the longest one so far. However, the small number of plaintexts available is not conducive to key recovery. In order to obtain better attack performance, the searched 9-round distinguisher was used to perform 11-round key recovery attack on PICO algorithm. It is shown that the proposed attack can recover 128-bit round key, the data complexity of the attack is 2^{63.46}, the time complexity is 2^{76} 11-round encryptions, and the storage complexity is 2^{20}.
%U https://www.joca.cn/EN/10.11772/j.issn.1001-9081.2019122228