SKINNY is a new lightweight tweakable block cipher family proposed by Beierle et al. at CRYPTO 2016. SKINNY has 6 main variants where SKINNY-n-t is a block cipher that operates on n-bit blocks using t-bit tweakey (key and tweak) where n = 64 or 128 and t = n, 2n, or 3n. In this paper, we present impossible differential attacks against reduced-round versions of all the 6 members of the SKINNY fa...

We proposed the division property, which is a new method to find integral characteristics, at EUROCRYPT 2015. In this paper, we expound the division property, its effectiveness, and follow-up results. Higher-Order Differential and Integral Cryptanalyses. After the proposal of the differential cryptanalysis [1], many extended cryptanalyses have been proposed. The higher-order differential crypta...

MARS’s s-boxes were generated using a new algorithm developed by the IBM team, which was supposedly able of producing secure s-boxes against both differential and linear cryptanalysis. In this paper we show this is not the case, because their strength against linear cryptanalysis is not better (in fact, it seems to be worse) that what could be expected if generated randomly.

Most last-round attacks on iterated block ciphers provide some design criteria for the round function. Here, we focus on the links between the underlying properties. Most notably, we investigate the relations between the functions which oppose a high resistance to linear cryptanalysis and to differential cryptanalysis.

We describe Constraint Programming (CP) models to solve a cryptanalytic problem: the chosen key differential attack against the standard block cipher AES. We show that CP solvers are able to solve these problems quicker than dedicated cryptanalysis tools, and we prove that a solution claimed to be optimal in two recent cryptanalysis papers is not optimal by providing a better solution.

Differential Cryptanalysis (DC) is one of the oldest known attacks on block ciphers and there is no doubt that it has influenced the design of encryption algorithms very deeply, ever since the 1970s. DC is based on tracking of changes in the differences between two messages as they pass through the consecutive rounds of encryption. However DC remains poorly understood. In this paper we survey s...

Impossible differential attacks against Rijndael and Crypton have been proposed up to 5-round. In this paper we expand the impossible differential attacks to 6-round. Although we use the same 4-round impossible differential as in five round attacks, we put this impossible differential in the middle of 6-round. That is, we will consider one round before the impossible differential and one more r...

We introduce the notion of amplified side-channel attacks, i.e. the application of block cipher cryptanalysis techniques to amplify effects exploitable by side-channel attacks. Such an approach is advantageous since it fully exploits the special characteristics of each technique in situations where each thrives the most. As an example, we consider the integration of block cipher cryptanalysis t...

This paper considers an extension of standard differential cryptanalysis in which a number of output differences arising from a single input difference are considered, and gives a statistical treatment of this situation.