In this paper we examine the strength of AES against the related-key impossible differential attack, following the work of Jakimoski and Desmedt [12]. We use several additional observations to substantially improve the data and time complexities of their attacks. Amongst our results, we present a related-key attack on 7-round AES-192 with data complexity of 2 chosen plaintexts (instead of 2). O...

In this paper, we present more powerful 6-round impossible differentials for large-block Rijndael-224 and Rijndael-256 than the ones used by Zhang et al. in ISC 2008. Using those, we can improve the previous impossible differential cryptanalysis of both 9-round Rijndael224 and Rijndael-256. The improvement can lead to 10-round attack on Rijndael-256 as well. With 2 chosen plaintexts, an attack ...

We introduce the notion of amplified side-channel attacks, i.e. the application of block cipher cryptanalysis techniques to amplify effects exploitable by side-channel attacks. Such an approach is advantageous since it fully exploits the special characteristics of each technique in situations where each thrives the most. As an example, we consider the integration of block cipher cryptanalysis t...

Impossible differential (ID), zero-correlation (ZC), and integral attacks are a family of important on block ciphers. For example, the impossible attack was first cryptanalytic 7 rounds AES. Evaluating security ciphers against these is very but also challenging: Finding usually implies combinatorial optimization problem involving many parameters constraints that hard to solve using manual appro...

Impossible differential attacks against Rijndael and Crypton have been proposed up to 5-round. In this paper we expand the impossible differential attacks to 6-round. Although we use the same 4-round impossible differential as in five round attacks, we put this impossible differential in the middle of 6-round. That is, we will consider one round before the impossible differential and one more r...

Simon is a lightweight block cipher designed by NSA in 2013. NSA presented the specification and the implementation efficiency, but they did not provide detailed security analysis nor the design rationale. The original Simon has rotation constants of (1, 8, 2), and Kölbl et al. regarded the constants as a parameter (a, b, c), and analyzed the security of Simon block cipher variants against diff...

Differentials with low probability are used in improbable differential cryptanalysis to distinguish a cipher from a random permutation. Due to large diffusion, finding such differentials for actual ciphers remains a challenging task. At Indocrypt 2010, Tezcan proposed a method to derive improbable differential distinguishers from impossible differential ones. In this paper, we discuss the valid...

In this paper, we investigate the impossible differential properties of the underlying block cipher and compression function of the new cryptographic hashing standard of the Russian federation Streebog. Our differential trail is constructed in such a way that allows us to recover the key of the underlying block cipher by observing input and output pairs of the compression function which utilize...

Impossible differential cryptanalysis is a very popular tool for analyzing the security of modern block ciphers and the core of such attack is based on the existence of impossible differentials. Currently, most methods for finding impossible differentials are based on the miss-in-the-middle technique and they are very ad-hoc. In this paper, we concentrate SPN ciphers whose diffusion layer is de...