‡ A multi-year project to identify new stream ciphers that might become suitable for widespread adoption

Simon is a lightweight block cipher family proposed by NSA in 2013. It has drawn many cryptanalysts’ attention and varieties of cryptanalysis results have been published, including differential, linear, impossible differential, integral cryptanalysis and so on. In this paper, we give the improved linear attacks on all reduced versions of Simon with dynamic key-guessing technique, which was prop...

Impossible differential cryptanalysis has shown to be a very powerful form of cryptanalysis against block ciphers. These attacks, even if extensively used, remain not fully understood because of their high technicality. Indeed, numerous are the applications where mistakes have been discovered or where the attacks lack optimality. This paper aims in a first step at formalizing and improving this...

We introduce subspace trail cryptanalysis, a generalization of invariant subspace cryptanalysis. With this more generic treatment of subspaces we do no longer rely on specific choices of round constants or subkeys, and the resulting method is as such a potentially more powerful attack vector. Interestingly, subspace trail cryptanalysis in fact includes techniques based on impossible or truncate...

Impossible differential cryptanalysis has shown to be a very powerful form of cryptanalysis against block ciphers. These attacks, even if extensively used, remain not fully understood because of their high technicality. Indeed, numerous are the applications where mistakes have been discovered or where the attacks lack optimality. This paper aims in a first step at formalizing and improving this...

In this paper, we present EPCBC, a lightweight cipher that has 96-bit key size and 48-bit/96-bit block size. This is suitable for Electronic Product Code (EPC) encryption, which uses low-cost passive RFID-tags and exactly 96 bits as a unique identifier on the item level. EPCBC is based on a generalized PRESENT with block size 48 and 96 bits for the main cipher structure and customized key sched...

The Advanced Encryption Standard (AES) is a 128-bit block cipher with a user key of 128, 192 or 256 bits, released by NIST in 2001 as the next-generation data encryption standard for use in the USA. It was adopted as an ISO international standard in 2005. Impossible differential cryptanalysis and the boomerang attack are powerful variants of differential cryptanalysis for analysing the security...

Introduction Linear and differential cryptanalysis have existed for years as a set of tools to establish a metric of resiliency for cryptographic ciphers utilizing the substitution-permutation network (SPN) design, a category of cryptographic cipher in which many popular ciphers, such as the Advanced Encryption Standard (AES). This is typically an involved process with many manual steps, often ...

In this article I analyze the function f(X) = A + X (mod 2 ) exclusive-or differential probability. 1 The result, regarding differential cryptanalysis, is a better understanding of ciphers that use f(X) as a primitive operation. A simple O(α ) algorithm to compute the probability is given.

In this article I analyze the function f(X) = A + X (mod 2 ) exclusive-or differential probability. 1 The result, regarding differential cryptanalysis, is a better understanding of ciphers that use f(X) as a primitive operation. A simple O(α ) algorithm to compute the probability is given.