ASCON is an authenticated encryption algorithm which is recently qualified for the second-round of the Competition for Authenticated Encryption: Security, Applicability, and Robustness. So far, successful differential, differential-linear, and cube-like attacks on the reduced-round ASCON are provided. In this work, we provide the inverse of ASCON’s linear layer in terms of rotations which can b...

1 College of Science, National University of Defense Technology, Changsha, Hunan, P. R. China, 410073 2 Dept. Computer Science and Engineering, Shanghai Jiao Tong University, China 3 Dept. Electrical Engineering (ESAT), KU Leuven and iMinds, Belgium 4 College of Electronic Science and Engineering, National University of Defense Technology, Changsha, Hunan, P. R. China, 410073 5 Technical Univer...

Finding the longest impossible differentials is an essential assignment in proceeding impossible differential cryptanalysis. In this paper, we introduce a novel tool to search the longest truncated impossible differentials for word-oriented block ciphers with bijective S-boxes. It costs polynomial time to return a flag indicating whether a truncated differential is impossible under several filt...

Differential and Linear Cryptanalysis are two most popular techniques that have been widely used to attacks block ciphers to reveal its weakness in substitution and permutation network. Most of the block ciphers which are resistant against Differential and Linear Cryptanalysis may not be immune to their latest extensions such as Impossible Differential Cryptanalysis (IDC) and Zero Correlation L...

Camellia is one of the widely used block ciphers, which has been selected as an international standard by ISO/IEC. In this paper, by exploiting some interesting properties of the key-dependent layer, we improve previous results on impossible differential cryptanalysis of reduced-round Camellia and gain some new observations. First, we introduce some new 7-round impossible differentials of Camel...

Impossible differential cryptanalysis has been proved to be one of the most powerful techniques to attack block ciphers. Based on the impossible differential paths, we can usually add several rounds before or after to launch the key recovery attack. Impossible differential cryptanalysis is powerful not only because the number of rounds it can break is very competitive compared to other attacks,...

Khudra is a 18-round lightweight block cipher proposed by Souvik Kolay and Debdeep Mukhopadhyay in the SPACE 2014 conference which is applicable to Field Programmable Gate Arrays (FPGAs). In this paper, we obtain 2 14-round related-key impossible differentials of Khudra, and based on these related-key impossible differentials for 32 related keys, we launch an attack on the full Khudra with data...