Integral cryptanalysis on two block ciphers Pyjamask and uBlock

The integral cryptanalysis is a powerful cryptanalytic technique for the security evaluation of block cipher. However, when using the MILP-aided division property to search the integral distinguishers, many candidates of initial division properties need to be tested, so that the computations are unbearable in practice. This study takes advantage of the division property propagation of S-box to improve the optimal integral distinguisher searching algorithm, and further reduce its time complexity. Whereafter, the improved algorithm is used to give 8- and 9-round integral distinguishers of uBlock-128 and uBlock-256, and 10- and 9-round integral distinguishers of Pyjamask-96 and Pyjamask-128. On this basis, utilising the partial sums technique, the authors perform 9- and 11-round key-recovery attacks on uBlock-128 and Pyjamask-96, respectively. The data complexities are 2(124) and 2(93), and the time complexities are less than 2(124.9) times of 9-round uBlock-128 encryption and 2(93.8) times of 11-round Pyjamask-96 encryption. The results given in this study are the best integral attacks available of the two ciphers presently.