TY - JOUR
T1 - Impossible differential cryptanalysis using matrix method
AU - Kim, Jongsung
AU - Hong, Seokhie
AU - Lim, Jongin
N1 - Funding Information:
A preliminary version of this article was presented at Indocrypt 2003 with the title “Impossible Differential Cryptanalysis for Block Cipher Structures” and appeared in Lecture Notes in Computer Science, Vol. 2904, pp. 82–96, Springer-Verlag, 2003. This work was supported by the Second Brain Korea 21 Project.
PY - 2010/3/6
Y1 - 2010/3/6
N2 - The general strategy of impossible differential cryptanalysis is to first find impossible differentials and then exploit them for retrieving subkey material from the outer rounds of block ciphers. Thus, impossible differentials are one of the crucial factors to see how much the underlying block ciphers are resistant to impossible differential cryptanalysis. In this article, we introduce a widely applicable matrix method to find impossible differentials of block cipher structures whose round functions are bijective. Using this method, we find various impossible differentials of known block cipher structures: Nyberg's generalized Feistel network, a generalized CAST256-like structure, a generalized MARS-like structure, a generalized RC6-like structure, Rijndael structures and generalized Skipjack-like structures. We expect that the matrix method developed in this article will be useful for evaluating the security of block ciphers against impossible differential cryptanalysis, especially when one tries to design a block cipher with a secure structure.
AB - The general strategy of impossible differential cryptanalysis is to first find impossible differentials and then exploit them for retrieving subkey material from the outer rounds of block ciphers. Thus, impossible differentials are one of the crucial factors to see how much the underlying block ciphers are resistant to impossible differential cryptanalysis. In this article, we introduce a widely applicable matrix method to find impossible differentials of block cipher structures whose round functions are bijective. Using this method, we find various impossible differentials of known block cipher structures: Nyberg's generalized Feistel network, a generalized CAST256-like structure, a generalized MARS-like structure, a generalized RC6-like structure, Rijndael structures and generalized Skipjack-like structures. We expect that the matrix method developed in this article will be useful for evaluating the security of block ciphers against impossible differential cryptanalysis, especially when one tries to design a block cipher with a secure structure.
KW - Block ciphers
KW - Cryptanalysis
KW - Feistel
KW - Impossible differential cryptanalysis
KW - Matrix method
KW - Rijndael
KW - Skipjack
UR - http://www.scopus.com/inward/record.url?scp=72749105576&partnerID=8YFLogxK
U2 - 10.1016/j.disc.2009.10.019
DO - 10.1016/j.disc.2009.10.019
M3 - Article
AN - SCOPUS:72749105576
SN - 0012-365X
VL - 310
SP - 988
EP - 1002
JO - Discrete Mathematics
JF - Discrete Mathematics
IS - 5
ER -