Meet-in-the-middle attack with splice-and-cut technique and a general automatic framework
Designs, Codes and Cryptography ( IF 1.4 ) Pub Date : 2023-05-22 , DOI: 10.1007/s10623-023-01226-4
Kai Zhang , Xuejia Lai , Lei Wang , Jie Guan , Bin Hu , Senpeng Wang , Tairong Shi

Computer-aided cryptanalysis has been popular in recent years; however, most of these automations are semi-automatic and leave cryptographers to complete the remaining parts of the attack. This paper proposes an automatic framework for optimal meet-in-the-middle attacks with the splice-and-cut technique (MITM-SCT). Compared with other automations of MITM attacks, our framework is fully automatic and takes all the procedures of the attack into consideration. Firstly, with a newly introduced matrix-based method, a general framework is proposed to calculate the correlated states and illustrate the differential diffusion property in a MITM attack. Alongside this, all the procedures of a typical MITM-SCT attack are reduced to three types of matrices. These matrices can be uniquely determined by the round function, and their construction methods are presented. Secondly, based on the framework, a fully automatic search method for MITM-SCT attacks is proposed. Thirdly, an optimal search strategy for MITM-SCT attacks is proposed and the bound for the time complexity is illustrated. Based on our method, if the computing capability is large enough, we can search all the possible attack scenarios and derive the least upper bound for the target block cipher against MITM-SCT attack. That is to say, we can not only find some better attack scenarios, but also try all the possible attack scenarios simultaneously to find the optimal ones for some cases. Finally, we apply our method to HIGHT, CHAM and WARP and derive some currently best-known MITM attacks on these ciphers. For HIGHT, we exhaustively search about 2.1 billion attack scenarios and derive 76.8 thousand 23-round MITM attacks on HIGHT, which is 4 rounds more than the current best MITM attack. For the CHAM family of ciphers, MITM attacks are proposed on 30-round, 19-round and 30-round CHAM-64/128, CHAM-128/128 and CHAM-128/256, respectively. These results can exceed most of the attacks in the single-key setting proposed by the designers. For WARP, a concrete 19-round MITM attack is proposed. Our automatic method was proposed to solve the problem of MITM attacks on ARX ciphers; however, the successful attack on WARP indicates that our method can also be applied to Sbox-based block ciphers.




Updated: 2023-05-22