In this paper, we present a related key truncated differential attack on 27 rounds of XTEA which is the best known attack so far. With an expected success rate of 96.9%, we can attack 27 rounds of XTEA using 2 chosen plaintexts and with a complexity of 2 27round XTEA encryptions. We also propose several attacks on GOST. First, we present a distinguishing attack on full-round GOST, which can dis...

In 1994 Langford and Hellman introduced differential-linear cryptanalysis, which involves building a differential-linear distinguisher by concatenating a linear approximation with such a (truncated) differential that with probability 1 does not affect the bit(s) concerned by the input mask of the linear approximation. In 2002 Biham, Dunkelman and Keller presented an enhanced approach to include...

Differential cryptanalysis is one of the most critical analysis methods to evaluate security strength cryptographic algorithms. This paper first applies genetic algorithm search for differential characteristics in cryptanalysis. A new proposed as fitness function generate a high-probability characteristic from given input difference. Based on found by algorithm, Boolean satisfiability (SAT) use...

This paper deals with the security of MISTY structure with SPN round function. We study the lower bound of the number of active s-boxes for differential and linear characteristics of such block cipher construction. Previous result shows that the differential bound is consistent with the case of Feistel structure with SPN round function, yet the situation changes when considering the linear boun...

This paper shows a surprising similarity between the construction of, respectively, impossible differentials and square distinguishers. This observation is illustrated by comparing two attacks on IDEA (Biham & al., FSE’99 [2], Nakahara & al., 2001 [7]). Using this similarity, we also derive a 16-round square distinguisher on Skipjack, directly based on the impossible differential attack present...

In [12], T. Matsumoto and H. Imai designed an asymmetric cryptosystem, called C∗, for authentication, encryption and signature. This C∗ scheme was broken in [13] due to unexpected algebraic properties. In this paper, we study some new “candidate” asymmetric cryptosystems based on the idea of hiding one or two rounds of small S-box computations with secret functions of degree one or two. The pub...