The Advanced Encryption Standard (AES) is a 128-bit block cipher with a user key of 128, 192 or 256 bits, released by NIST in 2001 as the next-generation data encryption standard for use in the USA. It was adopted as an ISO international standard in 2005. Impossible differential cryptanalysis and the boomerang attack are powerful variants of differential cryptanalysis for analysing the security...

Camellia is a block cipher selected as a standard by ISO/IEC, which has been analyzed by a number of cryptanalysts. In this paper, we propose several 6-round impossible differential paths of Camellia with the FL/FL−1 layer in the middle of them. With the impossible differential and a well-organized precomputational table, impossible differential attacks on 10-round Camellia-192 and 11-round Cam...

Impossible differential cryptanalysis has shown to be a very powerful form of cryptanalysis against block ciphers. These attacks, even if extensively used, remain not fully understood because of their high technicality. Indeed, numerous are the applications where mistakes have been discovered or where the attacks lack optimality. This paper aims in a first step at formalizing and improving this...

While impossible di erential cryptanalysis is a well-known and popular cryptanalytic method, errors in the analysis are often discovered and many papers in the literature present aws. Wishing to solve that, Boura et al. [1] presented at ASIACRYPT'14 a generic vision of impossible di erential attacks with the aim of simplifying and helping the construction and veri cation of this type of cryptan...

Camellia, a 128–bit block cipher which has been accepted by ISO/IEC as an international standard, is increasingly being used in many cryptographic applications. In this paper, using the redundancy in the key schedule and accelerating the filtration of wrong pairs, we present a new impossible differential attack to reduced–round Camellia. By this attack 12–round Camellia–128 without FL/FL−1 func...

We propose a new method for evaluating the security of block ciphers against di erential cryptanalysis and propose new structures for block ciphers. To this end, we de ne the word-wise Markov (Feistel) cipher and random output-di erential (Feistel) cipher and clarify the relations among the di erential, the truncated di erential and the impossible di erential cryptanalyses of the random output-...

In this paper, we study applications of Bernstein-Vazirani algorithm and present several new methods to attack block ciphers. Specifically, we first present a quantum algorithm for finding the linear structures of a function. Based on it, we propose new quantum distinguishers for the 3-round Feistel scheme and a new quantum algorithm to recover partial key of the EvenMansour construction. After...

Impossible differential cryptanalysis and zero-correlation linear cryptanalysis are two of the most useful cryptanalysis methods in the field of symmetric ciphers. Until now, there are several automatic search tools for impossible differentials such as U-method and UID-method, which are all independent of the non-linear S-boxes. Since the differential and linear properties can also contribute t...

Simon is a lightweight block cipher designed by NSA in 2013. NSA presented the specification and the implementation efficiency, but they did not provide detailed security analysis nor the design rationale. The original Simon has rotation constants of (1, 8, 2), and Kölbl et al. regarded the constants as a parameter (a, b, c), and analyzed the security of Simon block cipher variants against diff...

1 College of Science, National University of Defense Technology, Changsha, Hunan, P. R. China, 410073 2 Dept. Computer Science and Engineering, Shanghai Jiao Tong University, China 3 Dept. Electrical Engineering (ESAT), KU Leuven and iMinds, Belgium 4 College of Electronic Science and Engineering, National University of Defense Technology, Changsha, Hunan, P. R. China, 410073 5 Technical Univer...