Impossible differential attack is one of powerful methods for analyzing block ciphers. When designing block ciphers, it must be safe for impossible differential attacks. In case of impossible differential attack, the attack starts from finding the impossible differential characteristic. However, in the case of the ARX-based block cipher, these analyzes were difficult due to the addition of modu...

Abstract In this paper, we greatly increase the number of impossible differentials for SIMON and SIMECK by eliminating 1-bit constraint in input/output difference, which is precondition to ameliorate complexity attacks. We propose an algorithm can reduce searching find such trails efficiently since search space exponentially expands with multiple active bits. There another situation leading con...

Crypton is a 12-round block cipher proposed as an AES candidate and Crtpton v1.0 is the revised version. In this paper, we present two related-key impossible differential attacks to reduced-round Crypton and Crypton v1.0. By carefully choosing the relations of keys, constructing some 6round related-key differential trials and using some observations on the cipher, we first break 9-round Crypton...

This paper presents an improved impossible differential attack on the new block cipher CLEFIA which is proposed by Sony Corporation at FSE 2007. Combining some observations with new tricks, we can filter out the wrong keys more efficiently, and improve the impossible differential attack on 11-round CLEFIA-192/256, which also firstly works for CLEFIA-128. The complexity is about 2 encryptions an...

Camellia is one of the most worldwide used block ciphers, which has been selected as a standard by ISO/IEC. In this paper, we propose several new 7-round impossible differentials of Camellia with 2 FL/FL−1 layers, which turn out to be the first 7-round impossible differentials with 2 FL/FL−1 layers. Combined with some basic techniques including the early abort approach and the key schedule cons...

This paper studies the search for the impossible differentials of E2. We apply the Shrinking technique, the miss-in-the-middle technique, and a new search algorithm to E2. As a result, no impossible differential is found for E2 with more than 5 rounds. We conclude that E2 is secure against cryptanalysis using impossible differentials derived by the currently known techniques.

1 Statistical attacks on block ciphers make use of a property of the cipher so that an incident occurs with different probabilities depending on whether the correct key is used or not. For instance, differential cryptanalysis [1] considers characteristics or differentials which show that a particular output difference should be obtained with a relatively high probability when a particular input...

1 Evaluation of security 1.1. Differential cryptanalysis In extending differential cryptanalysis, Aoki , Kobayashi, and Moriai [1] greatly reduced the computational amount needed [2]. They determined that differential cryptanalysis could not be applied to FEAL with more than 32 rounds. Biham et al. [3] proposed a new cyptanalysis of Skipjack [4] using impossible differentials. Although regular ...