Division property is a cryptanalysis method that proves to be very efficient on block ciphers. Computer-aided techniques such as MILP have been widely and successfully used to study various cryptanalysis techniques, and it especially led to many new results for the division property. Nonetheless, we claim that the previous techniques do not consider the full search space. We show that even if the previous techniques fail to find a distinguisher based on the division property over a given function, we can potentially find a relevant distinguisher over a linearly equivalent function. We show that the representation of the block cipher heavily influences the propagation of the division property, and exploiting this, we give an algorithm to efficiently search for such linear mappings. As a result, we exhibit a new distinguisher over 10 rounds of RECTANGLE , while the previous best was over 9 rounds, and rule out such a distinguisher over more than 9 rounds of PRESENT . We also give some insight about the construction of an S-box to strengthen a block cipher against our technique. We prove that using an S-box satisfying a certain criterion is optimal in term of resistance against classical division property. Accordingly, we exhibit stronger variants of RECTANGLE and PRESENT , improving the resistance against division property based distinguishers by 2 rounds.

中文翻译：

---

线性等效 S 盒和除法性质

除法属性是一种密码分析方法，被证明对分组密码非常有效。MILP等计算机辅助技术已被广泛并成功地用于研究各种密码分析技术，特别是在除法方面产生了许多新的成果。尽管如此，我们声称之前的技术没有考虑完整的搜索空间。我们表明，即使先前的技术无法根据给定函数的除法属性找到区分符，我们也可以潜在地找到线性等效函数上的相关区分符。我们表明分组密码的表示严重影响除法属性的传播，并利用这一点，我们给出了一种算法来有效地搜索这种线性映射。因此，我们在 10 轮 RECTANGLE 上展示了一个新的区分器，而之前最好的超过 9 轮，并排除了超过 9 轮 PRESENT 的这种区分器。我们还提供了一些关于构建 S-box 以加强针对我们的技术的分组密码的见解。我们证明了使用满足特定标准的 S-box 是抵抗经典除法属性的最佳选择。因此，我们展示了 RECTANGLE 和 PRESENT 的更强变体，将基于分割属性的区分器的抵抗力提高了 2 轮。我们证明使用满足特定标准的 S 盒在抵抗经典除法属性方面是最佳的。因此，我们展示了 RECTANGLE 和 PRESENT 的更强变体，将基于分割属性的区分器的抵抗力提高了 2 轮。我们证明使用满足特定标准的 S 盒在抵抗经典除法属性方面是最佳的。因此，我们展示了 RECTANGLE 和 PRESENT 的更强变体，将基于分割属性的区分器的抵抗力提高了 2 轮。