At FSE 2009, Albrecht et al. proposed a new cryptanalytic method that combines algebraic and differential cryptanalysis. They introduced three new attacks, namely Attack A, Attack B and Attack C. For Attack A, they explain that the time complexity is difficult to determine. The goal of Attacks B and C is to filter out wrong pairs and then recover the key. In this paper, we show that Attack C do...

Algebraic cryptanalysis is a general tool which permits one to assess the security of a wide range of cryptographic schemes. Algebraic techniques have been successfully applied against a number of multivariate schemes and stream ciphers. Yet, their feasibility against block ciphers remains the source of much speculation. At FSE 2009 Albrecht and Cid proposed to combine differential cryptanalysi...

Differential Cryptanalysis is a powerful technique in cryptanalysis, applied to symmetric-key block ciphers. It is a chosen plain-text attack which means the cryptanalyst has some sets of the plain-text and the corresponding cipher-text pairs of his choice. These pairs of the plain-text are related by a constant difference. Basically it is the study of how differences in input information can a...

In this paper, we propose a new lightweight block cipher called LBlock. Similar to many other lightweight block ciphers, the block size of LBlock is 64-bit and the key size is 80-bit. Our security evaluation shows that LBlock can achieve enough security margin against known attacks, such as differential cryptanalysis, linear cryptanalysis, impossible differential cryptanalysis and related-key a...

This paper describes the CAST design procedure for constructing a family of DES-like Substitution-Permutation Network (SPN) cryptosystems which appear to have good resistance to differential cryptanalysis, linear cryptanalysis, and related-key cryptanalysis, along with a number of other desirable cryptographic properties. Details of the design choices in the procedure are given, including those...

In this work we study the security of Chaskey, a recent lightweight MAC designed by Mouha et al., currently being considered for standardization by ISO/IEC and ITU-T. Chaskey uses an ARX structure very similar to SipHash. We present the first cryptanalysis of Chaskey in the single user setting, with a differential-linear attack against 6 and 7 rounds, hinting that the full version of Chaskey wi...

We discuss the impossible differential cryptanalysis of the block cipher Zodiac [7]. The main design principles of Zodiac are simplicity and efficiency. However the diffusion layer in its round function is too simple to offer enough security. An impossible differential cryptanalysis is a proper method to attack the weakness of Zodiac. Our attack using two 14-round impossible characteristics der...

SPNs (Substitution Permutation Networks) are one of the important architectures used for designing block ciphers. In our study, we applied differential cryptanalysis method for a 3-round SPN. We have used a 16-bit input as plaintext and 16-bit output as ciphertext and chosen the first row of the third S-box of DES (Data Encryption Standard) for the necessary S-box and ShiftRows transformation w...

Serpent is a 128-bit SP-Network block cipher consisting of 32 rounds with variable key length (up to 256 bits long). It was selected as one of the 5 AES finalists. The best known attack so far is a linear attack on an 11-round reduced variant. In this paper we apply the enhanced differential-linear cryptanalysis to Serpent. The resulting attack is the best known attack on 11-round Serpent. It r...

Design of SP networks in which the non-linear layer is applied to only a part of the state in each round was suggested by Gérard et al. at CHES 2013. Besides performance advantage on certain platforms, such a design allows for more efficient masking techniques that can mitigate side-channel attacks with a small performance overhead. In this paper we present generic techniques for differential a...