Our trust in specific symmetric primitives relies on their ability to resist all known cryptanalytic attacks. Therefore, cryptanalysis is the only proper way to evaluate their security. In this paper, we investigate the behavior of symmetric primitives in the quantum world. This requires to extend the toolkit of symmetric cryptanalysis to the quantum setting, eventually including new attacks. W...

Zero correlation linear cryptanalysis is a novel key recovery technique for block ciphers proposed in [5]. It is based on linear approximations with probability of exactly 1/2 (which corresponds to the zero correlation). Some block ciphers turn out to have multiple linear approximations with correlation zero for each key over a considerable number of rounds. Zero correlation linear cryptanalysi...

Estimating immunity against differential and linear cryptanalysis is essential in designing secure block ciphers. A practical measure to achieve it is to find the minimal number of active S-boxes, or a lower bound for this minimal number. In this paper, we provide a general algorithm using integer programming, which not only can estimate a good lower bound of the minimal differential active S-b...

Signed difference approach was first introduced by Wang for finding collision in MD5. In this paper we introduce ternary difference approach and present it in 3 symbols. To show its application we combine ternary difference approach with conventional differential cryptanalysis and apply that to cryptanalysis the reduced round PRESENT. We also use ant colony technique to obtain the best differen...

In this paper, we improve the impossible differential attack on 20-round LBlock given in the design paper of the LBlock cipher. Using relations between the round keys we attack on 21-round and 22-round LBlock with a complexity of 2 and 2 encryptions respectively. We use the same 14-round impossible differential characteristic observed by the designers to attack on 21 rounds and another 14-round...

This paper studies the security of ARIA against impossible differential cryptanalysis. Firstly an algorithm is given to find many new 4-round impossible differentials of ARIA. Followed by such impossible differentials, we improve the previous impossible differential attack on 5/6-round ARIA. We also point out that the existence of such impossible differentials are due to the bad properties of t...