Impossible differential cryptanalysis using matrix method

Jongsung Kim, Seokhie Hong, Jongin Lim

Research output: Contribution to journalArticlepeer-review

40 Citations (Scopus)


The general strategy of impossible differential cryptanalysis is to first find impossible differentials and then exploit them for retrieving subkey material from the outer rounds of block ciphers. Thus, impossible differentials are one of the crucial factors to see how much the underlying block ciphers are resistant to impossible differential cryptanalysis. In this article, we introduce a widely applicable matrix method to find impossible differentials of block cipher structures whose round functions are bijective. Using this method, we find various impossible differentials of known block cipher structures: Nyberg's generalized Feistel network, a generalized CAST256-like structure, a generalized MARS-like structure, a generalized RC6-like structure, Rijndael structures and generalized Skipjack-like structures. We expect that the matrix method developed in this article will be useful for evaluating the security of block ciphers against impossible differential cryptanalysis, especially when one tries to design a block cipher with a secure structure.

Original languageEnglish
Pages (from-to)988-1002
Number of pages15
JournalDiscrete Mathematics
Issue number5
Publication statusPublished - 2010 Mar 6


  • Block ciphers
  • Cryptanalysis
  • Feistel
  • Impossible differential cryptanalysis
  • Matrix method
  • Rijndael
  • Skipjack

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Discrete Mathematics and Combinatorics


Dive into the research topics of 'Impossible differential cryptanalysis using matrix method'. Together they form a unique fingerprint.

Cite this