Some new near 5 rounds impossible differential properties of AES are first presented in this paper, in which active bytes of 1 round or 5 round are in different columns and in favor of extension. Additionally, we first propose the complexities expressions of an universal impossible differential attack, which can help us to rapidly search appropriate impossible differential paths. More important...

This paper studies the security of the block ciphers ARIA and Camellia against impossible differential cryptanalysis. Our work improves the best impossible differential cryptanalysis of ARIA and Camellia known so far. The designers of ARIA expected no impossible differentials exist for 4-round ARIA. However, we found some nontrivial 4-round impossible differentials, which may lead to a possible...

This paper reports impossible differential cryptanalysis on the 128-bit block cipher CLEFIA that was proposed in 2007, including new 9-round impossible differentials for CLEFIA, and the result of an impossible differential attack using them. For the case of a 128-bit key, it is possible to apply the impossible differential attack to CLEFIA reduced to 12 rounds. The number of chosen plaintexts r...

In this paper, we study GF-NLFSR, a Generalized Unbalanced Feistel Network (GUFN) which can be considered as an extension of the outer function FO of the KASUMI block cipher. We show that the differential and linear probabilities of any n + 1 rounds of an n-cell GF-NLFSR are both bounded by p, where the corresponding probability of the round function is p. Besides analyzing security against dif...

Impossible differential is a useful method for cryptanalysis. SIMON is a light weight block cipher that has attracted lots of attention ever since its publication in 2013. In this paper we propose impossible differential attack on five versions of SIMON, using bit conditions to minimize key bits guessed. We calculate keybits and give the exact attack results.

In this paper, we present more powerful 6-round impossible differentials for large-block Rijndael-224 and Rijndael-256 than the ones used by Zhang et al. in ISC 2008. Using those, we can improve the previous impossible differential cryptanalysis of both 9-round Rijndael224 and Rijndael-256. The improvement can lead to 10-round attack on Rijndael-256 as well. With 2 chosen plaintexts, an attack ...

HIGHT is a 32-round block cipher with a 64-bit block size and a 128-bit user key, which was proposed at CHES ’06 for low-resource applications like RFID. In this paper, we present an impossible differential attack on 25-round HIGHT, a related-key rectangle attack on 26round HIGHT, and finally a related-key impossible differential attack on 28-round HIGHT. Our result suggests that the safety mar...

Deoxys is a final-round candidate of the CAESAR competition. Deoxys is built upon an internal tweakable block cipher Deoxys-BC, where in addition to the plaintext and key, it takes an extra non-secret input called a tweak. This paper presents the first impossible differential cryptanalysis of Deoxys-BC-256 which is used in Deoxys as an internal tweakable block cipher. First, we find a 4.5-round...

CLEFIA is a 128-bit block cipher proposed by Sony Corporation in 2007. Our paper introduces a new chosen text attack, the impossible differential-linear attack, on iterated cryptosystems. The attack is efficient for 16-round CLEFIA with whitening keys. In the paper, we construct a 13-round impossible differential-linear distinguisher. Based on the distinguisher, we present an effective attack o...