## Unified Impossible Differential Cryptanalysis on Block Cipher Structures

Citations: | 1 - 0 self |

### BibTeX

@MISC{Luo_unifiedimpossible,

author = {Yiyuan Luo and Zhongming Wu and Xuejia Lai},

title = {Unified Impossible Differential Cryptanalysis on Block Cipher Structures},

year = {}

}

### OpenURL

### Abstract

In this paper, we propose a systematic search method for finding the impossible differential characteristic for block cipher structures, better than the U-method introduced by Kim et al [6]. This method is referred as unified impossible differential (UID) cryptanalysis. We give practical UID cryptanalysis on some popular block ciphers and give the detailed impossible differential characteristics. On the generalized CAST-256 and generalized MARS block cipher structure, our results are better than the U-method. On the Four-Cell, FOX64, our results are the same as previous best manual works. Thus UID method can be used as a tool for examining the security of a block cipher structure against impossible differential cryptanalysis. 1

### Citations

147 |
Differentially Uniform Mappings for Cryptography
- Nyberg
- 1994
(Show Context)
Citation Context ...tatus are treated as subblocks. Many block ciphers use a small nonlinear bijection transform as the subblock (S-box) to implement confusion. There are some criteria established for S-box’s properties =-=[9]-=-. Most block ciphers’ S-boxes are designed under these criteria, so it becomes more and more difficult to find weaknesses in S-box. Impossible differential cryptanalysis tries to ignore weaknesses of ... |

119 | Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials
- Biham, Biryukov, et al.
- 1999
(Show Context)
Citation Context ...ity of a block cipher structure against impossible differential cryptanalysis. 1 Introduction Impossible differential cryptanalysis was first proposed by Biham, et al. to attack Skipjack block cipher =-=[1]-=-. It is known as one of the most powerful attacks on block ciphers. It has drawn wide attention in block cipher design and analysis and many good results are achieved [1, 2, 14], just list a few. Comp... |

23 | FOX: A New Family of Block Ciphers
- Junod, Vaudenay
- 2005
(Show Context)
Citation Context ...s, we find the longer impossible differential characteristic on generalized CAST-256 [8] and generalized MARS [8] block cipher structures than the U-method. For the block ciphers Four-Cell [4], FOX64 =-=[5]-=-, our results are the same as previous best results obtained by case-by-case treatment. The detailed impossible differential characteristics are listed in Table 3. Our practical results show that UID ... |

14 |
Impossible differential cryptanalysis for block cipher structures
- Kim, Hong, et al.
- 2003
(Show Context)
Citation Context ...loo. Abstract In this paper, we propose a systematic search method for finding the impossible differential characteristic for block cipher structures, better than the U-method introduced by Kim et al =-=[6]-=-. This method is referred as unified impossible differential (UID) cryptanalysis. We give practical UID cryptanalysis on some popular block ciphers and give the detailed impossible differential charac... |

13 | On the pseudorandomness of Top-Level schemes of block ciphers
- Moriai, Vaudenay
- 1976
(Show Context)
Citation Context ... U-method. We give some practical cryptanalysis on popular block cipher structures using UID. With UID cryptanalysis, we find the longer impossible differential characteristic on generalized CAST-256 =-=[8]-=- and generalized MARS [8] block cipher structures than the U-method. For the block ciphers Four-Cell [4], FOX64 [5], our results are the same as previous best results obtained by case-by-case treatmen... |

8 | Attacking reduced-round versions of the SMS4 block cipher
- Lu
- 2007
(Show Context)
Citation Context ...0, x} ↛16 {y, 0, 0, x} this paper Gen MARS[8] 4 9 round {0, 0, 0, x} ↛9 {x, y, 0, 0} this paper Gen RC6[8] 4 9 round {0, 0, x, 0} ↛9 {0, y, 0, 0} [6] SMS4[13] 4 11 round {x, x, x, 0} ↛11 {0, x, x, x} =-=[7]-=- FOX64[5] 8 4 round {0, x, 0, x, 0, x, 0, x} ↛4 {y1, y2, y1, y3, y1, y2, y1, y3} the same as [11] In Table 4, the UID result on Four-Cell is the same as [12] and the UID result on FOX64 is the same as... |

4 | Cryptographic properties and application of a generalized unbalanced feistel network structure
- Choy, Chew, et al.
- 2009
(Show Context)
Citation Context ...ryptanalysis, we find the longer impossible differential characteristic on generalized CAST-256 [8] and generalized MARS [8] block cipher structures than the U-method. For the block ciphers Four-Cell =-=[4]-=-, FOX64 [5], our results are the same as previous best results obtained by case-by-case treatment. The detailed impossible differential characteristics are listed in Table 3. Our practical results sho... |

4 | Analysis of two attacks on reduced-round versions - Toz, Dunkelman - 2008 |

3 | Security analysis of the GF-NLFSR structure and Four-Cell block cipher
- Wu, Zhang, et al.
- 2009
(Show Context)
Citation Context ...< ∅, {m6}, ∅ > and U 6 Y =< ∅, ∅, ∅ > are inconsistent. Thus an impossible differential characteristic is found. The result is the same as the best impossible differential cryptanalysis of Four-Cell. =-=[12, 12]-=- Besides the Four-Cell cipher, we also give the UID cryptanalysis results to some popular block cipher structures, as listed in Table 4. Table 4: UID method on popular block cipher structures Block Ci... |

3 |
New results on impossible differential cryptanalysis of reduced aes
- Zhang, Wu, et al.
(Show Context)
Citation Context ... attack Skipjack block cipher [1]. It is known as one of the most powerful attacks on block ciphers. It has drawn wide attention in block cipher design and analysis and many good results are achieved =-=[1, 2, 14]-=-, just list a few. Compared with ordinary differential cryptanalysis, impossible differential cryptanalysis considers the differences that are impossible at some intermediate state of the block cipher... |

1 |
Miss in the middle attacks on IDEA
- Biham, Biryukov, et al.
- 1999
(Show Context)
Citation Context ... attack Skipjack block cipher [1]. It is known as one of the most powerful attacks on block ciphers. It has drawn wide attention in block cipher design and analysis and many good results are achieved =-=[1, 2, 14]-=-, just list a few. Compared with ordinary differential cryptanalysis, impossible differential cryptanalysis considers the differences that are impossible at some intermediate state of the block cipher... |

1 |
Improved cryptanalysis of FOX block cipher
- Wu, Luo, et al.
- 2009
(Show Context)
Citation Context ...Gen RC6[8] 4 9 round {0, 0, x, 0} ↛9 {0, y, 0, 0} [6] SMS4[13] 4 11 round {x, x, x, 0} ↛11 {0, x, x, x} [7] FOX64[5] 8 4 round {0, x, 0, x, 0, x, 0, x} ↛4 {y1, y2, y1, y3, y1, y2, y1, y3} the same as =-=[11]-=- In Table 4, the UID result on Four-Cell is the same as [12] and the UID result on FOX64 is the same as [11]. In [6], Kim et al. present a 15-round impossible differential characteristics on Gen CAST-... |