Clustering Effect of Iterative Differential and Linear Trails.

Differential and linear cryptanalysis are two of the most important kinds of cryptanalysis for symmetric-key primitives. In this paper, we propose a graph-based method of evaluating the clustering effect of iterative differential and linear trails. We also exploit the iterative trails to find exploitable difference and linear propagations. We apply our method to four lightweight SPN primitives including PRESENT, GIFT-64, RECTANGLE and KNOT-256. For KNOT-256, we improve the best difference and linear propagations by 5 and 9 rounds respectively. For RECTANGLE, we improve the best 14-round linear propagation. Our other results are consistent with the best known results. We illustrate the dominance of iterative trails by showing the proportion of trails that are incorporated in our method in a difference or linear propagation. Additionally, for the primary version of KNOT, we find difference and linear propagations leading to different differential and linear attacks. We stress here that our results do not threaten the security of KNOT.