Results 1 
3 of
3
Scrutinizing and Improving Impossible Differential Attacks:
"... Abstract. Impossible differential cryptanalysis has shown to be a very powerful form of cryptanalysis against block ciphers. These attacks, even if extensively used, remain not fully understood because of their high technicality. Indeed, numerous are the applications where mistakes have been discove ..."
Abstract

Cited by 12 (2 self)
 Add to MetaCart
(Show Context)
Abstract. Impossible differential cryptanalysis has shown to be a very powerful form of cryptanalysis against block ciphers. These attacks, even if extensively used, remain not fully understood because of their high technicality. Indeed, numerous are the applications where mistakes have been discovered or where the attacks lack optimality. This paper aims in a first step at formalizing and improving this type of attacks and in a second step at applying our work to block ciphers based on the Feistel construction. In this context, we derive generic complexity analysis formulas for mounting such attacks and develop new ideas for optimizing impossible differential cryptanalysis. These ideas include for example the testing of parts of the internal state for reducing the number of involved key bits. We also develop in a more general way the concept of using multiple differential paths, an idea introduced before in a more restrained context. These advances lead to the improvement of previous attacks against well known ciphers such as CLEFIA128 and Camellia, while also to new attacks against 23round LBlock and all members of the Simon family.
Simon?
"... Abstract. Impossible differential cryptanalysis has shown to be a very powerful form of cryptanalysis against block ciphers. These attacks, even if extensively used, remain not fully understood because of their high technicality. Indeed, numerous are the applications where mistakes have been discove ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. Impossible differential cryptanalysis has shown to be a very powerful form of cryptanalysis against block ciphers. These attacks, even if extensively used, remain not fully understood because of their high technicality. Indeed, numerous are the applications where mistakes have been discovered or where the attacks lack optimality. This paper aims in a first step at formalizing and improving this type of attacks and in a second step at applying our work to block ciphers based on the Feistel construction. In this context, we derive generic complexity analysis formulas for mounting such attacks and develop new ideas for optimizing impossible differential cryptanalysis. These ideas include for example the testing of parts of the internal state for reducing the number of involved key bits. We also develop in a more general way the concept of using multiple differential paths, an idea introduced before in a more restrained context. These advances lead to the improvement of previous attacks against well known ciphers such as CLEFIA128 and Camellia, while also to new attacks against 23round LBlock and all members of the Simon family.
Analysis of Impossible, Integral and ZeroCorrelation Attacks on TypeII Generalized Feistel Networks using the Matrix Method
"... Abstract. While recent publications have shown strong relations between impossible differential and zerocorrelation distinguishers as well as between zerocorrelation and integral distinguishers, we analyze in this paper some relations between the underlying keyrecovery attacks against TypeII Fe ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. While recent publications have shown strong relations between impossible differential and zerocorrelation distinguishers as well as between zerocorrelation and integral distinguishers, we analyze in this paper some relations between the underlying keyrecovery attacks against TypeII Feistel networks. The results of this paper are build on the relation presented at ACNS 2013. In particular, using a matrix representation of the round function, we show that we can not only find impossible, integral and multidimensional zerocorrelation distinguishers but also find the keywords involved in the underlined keyrecovery attacks. Based on this representation, for matrixmethodderived stronglyrelated zerocorrelation and impossible distinguishers, we show that the keywords involved in the zerocorrelation attack is a subset of the keywords involved in the impossible differential attack. Other relations between the keywords involved in zerocorrelation, impossible and integral attacks are also extracted. Also we show that in this context the data complexity of the multidimensional zerocorrelation attack is larger than that of the other two attacks.