Impossible differential cryptanalysis and zero-correlation linear cryptanalysis are two of the most useful cryptanalysis methods in the field of symmetric ciphers. Until now, there are several automatic search tools for impossible differentials such as U-method and UID-method, which are all independent of the non-linear S-boxes. Since the differential and linear properties can also contribute t...

HIGHT is a 32-round block cipher with a 64-bit block size and a 128-bit user key, which was proposed at CHES ’06 for low-resource applications like RFID. In this paper, we present an impossible differential attack on 25-round HIGHT, a related-key rectangle attack on 26round HIGHT, and finally a related-key impossible differential attack on 28-round HIGHT. Our result suggests that the safety mar...

This paper describes impossible differential (ID) attacks on an AES variant designed by Venkaiah et al.. They claim that their cipher has improved resistance to ID attacks due to a new MixColumns matrix with a branch number 4, which is smaller than that of the original AES. We argue against this statement. The contributions of this paper include ID distinguishers for Venkaiah et al.’s cipher, a...

In SAC 2013, Berger et al. defined Extended Generalized Feistel Networks (EGFN) and analyzed their security. Later, they proposed a cipher based on this structure: LILLIPUT . Impossible differential attacks and integral attacks have been mounted on LILLIPUT . We propose a tool which has found some classical, impossible and improbable differential attacks by using the variance method. It has hig...

Impossible differential cryptanalysis is a powerful technique to recover the secret key of block ciphers by exploiting the fact that in block ciphers specific input and output differences are not compatible. This paper introduces a novel tool to search truncated impossible differentials for word-oriented block ciphers with bijective Sboxes. Our tool generalizes the earlier U-method and the UID-...

In this paper, we study GF-NLFSR, a Generalized Unbalanced Feistel Network (GUFN) which can be considered as an extension of the outer function FO of the KASUMI block cipher. We show that the differential and linear probabilities of any n + 1 rounds of an n-cell GF-NLFSR are both bounded by p, where the corresponding probability of the round function is p. Besides analyzing security against dif...

Through in-depth study of the 4-round encryption characteristics of advanced encryption standard (AES), a new 4-round differential path with a probability of existence at 2 -30 has been derived. Based on this path, a novel method was proposed for impossible differential cryptanalysis of 8-round AES-256. The analysis method requires 2 95 pairs of chosen plaintexts, approximately 2 163 units of m...

The overall structure is one of the most important properties of block ciphers. At present, the most common structures include Feistel structure, SP structure, MISTY structure, L-M structure and Generalized Feistel structure. In [29], Choy et al. proposed a new structure called GF-NLFSR (Generalized Feistel-NonLinear Feedback Shift Register), and designed a new block cipher called Four-Cell whi...