Impossible differential cryptanalysis of SPN ciphers

Impossible differential cryptanalysis is a very popular tool for analyzing the security of modern block ciphers and the core of such attack is based on the existence of impossible differentials. Currently, most methods for finding impossible differentials are based on the miss-in-the-middle technique and they are very ad-hoc. In this paper, we concentrate SPN ciphers whose diffusion layer is defined by a linear transformation P . Based on the theory of linear algebra, we propose several criteria on P and its inversion P−1 to characterize the existence of 3/4-round impossible differentials. We further discuss the possibility to extend these methods to analyze 5/6-round impossible differentials. Using these criteria, impossible differentials for reduced-round Rijndael are found that are consistent with the ones found before. New 4-round impossible differentials are discovered for block cipher ARIA. And many 4-round impossible differentials are firstly detected for a kind of SPN cipher that employs a 32 × 32 binary matrix proposed at ICISC 2006 as its diffusion layer. It is concluded that the linear transformation should be carefully designed in order to protect the cipher against impossible differential cryptanalysis.