integral cryptanalysis of reduced-round sand-64 based on bit-based division property

Conventional bit-based division property (cbdp), as a generalization of integral property, has been a powerful tool for integral cryptanalysis of many block ciphers. exploiting a mixed integral linear programming (milp) optimizer, an alternative approach of searching integral distinguishers was proposed, which has overcome the bottleneck of cipher block length. the milp-aided method starts from modeling cbdp propagation by a system of linear inequalities. then by choosing an appropriate objective function, the problem of searching distinguisher transforms to an milp problem. as an application of this technique, we focused on a newly proposed lightweight block cipher sand. sand is a family of two and-xr block ciphers sand-64 and sand-128, which was designed to overcome the difficulty regarding security evaluation. for sand-64, we found a 12-round distinguisher with 23 balanced bits and a data complexity of (2^{63}), with the superiority of higher number of balanced bits than the designers' one. furthermore, we applied an integral attack on a 15 and 16-round sand-64, including the key recovery step which resulted in time complexity of (2^{105}) and (2^{109.91}) and memory complexity of (2^{52}) and (2^{85}) bytes, respectively.