MILP-aided Related-Tweak/Key Impossible Differential Attack and Its Applications to QARMA, Joltik-BC

In this paper, we study the relation of related-tweak/key impossible differentials with single-key ones. Following a heuristic strategy, we can derive longer related-tweak/key impossible differentials from single-key ones. We implement this strategy with the MILP technique and apply it to search related-tweak/key impossible differentials of two tweakable block ciphers: QARMA-64 and Joltik-BC-128. For QARMA-64, we find several 7-round related-tweak impossible differential distinguishers and use them to mount a 10-round key recovery attack including the outer whitening key; for Joltik-BC-128, we find two 6-round related-tweakey impossible differential distinguishers and use them attack 9-round and 10-round Joltik-BC-128 respectively.