MILP-based Differential Cryptanalysis of RAGHAV

Résumé

RAGHAV is a lightweight block cipher designed for resource-constrained applications. It follows a Substitution–Permutation Network (SPN) structure and employs a 4-bit S-box applied in parallel eight times during the encryption process, providing high diffusion. The designers claimed resistance against differential cryptanalysis and established a bound on the minimum number of active S-boxes for up to 5 rounds.

In this manuscript, we analyze the security of the RAGHAV cipher against differential cryptanalysis using a Mixed Integer Linear Programming (MILP)-based optimization approach for up to 28 rounds. We identify a differential trail with probability $2^{-66}$. Consequently, an adversary would require $2^{66}$ chosen plaintexts to successfully mount a differential attack, which exceeds the practical data limit for a 64-bit block cipher. To the best of our knowledge, the differential trails obtained in this work represent the best known results for RAGHAV up to 28 rounds.