scholarly journals Impossible Differential Distinguishers of Two Generalized Feistel Structures

2020 ◽  
Vol 2020 ◽  
pp. 1-9
Author(s):  
Huili Wang ◽  
Wenping Ma ◽  
Lang Liao ◽  
Yushan Li ◽  
Linfeng Zheng
Keyword(s):  
Diffusion Layer ◽  
Block Ciphers ◽  
Round Function ◽  
Impossible Differential ◽  
Impossible Differentials

Generalized Feistel structures are widely used in the design of block ciphers. In this paper, we focused on retrieving impossible differentials for two kinds of generalized Feistel structures: CAST256-like structure with Substitution-Permutation (SP) or Substitution-Permutation-Substitution (SPS) round functions (named CAST256SP and CAST256SPS, respectively) and MARS-like structure with SP/SPS round function (named MARSSP and MARSSPS, respectively). Known results show that for bijective round function, CAST256-like structures and MARS-like structures have (m2−1) and (2m−1) rounds impossible differentials, respectively. By our observation, there existed (m2+m) rounds impossible differentials in CAST256SP and (3m−3) rounds impossible differentials in MARSSPS (this result does not require the P layer to be invertible). When the diffusion layer satisfied some special conditions, CAST256SPS had (m2+m−1) rounds impossible differentials and MARSSPS had (3m−3) rounds impossible differentials.

scholarly journals Searching for impossible subspace trails and improved impossible differential characteristics for SIMON-like block ciphers

Cybersecurity ◽  
2021 ◽  
Vol 4 (1) ◽  
Author(s):  
Xuzi Wang ◽  
Baofeng Wu ◽  
Lin Hou ◽  
Dongdai Lin
Keyword(s):  
Great Increase ◽  
Search Space ◽  
Block Ciphers ◽  
The State ◽  
Input Output ◽  
Impossible Differential ◽  
Milp Model ◽  
First Time ◽  
Impossible Differentials ◽  
State Of Art

AbstractIn this paper, we greatly increase the number of impossible differentials for SIMON and SIMECK by eliminating the 1-bit constraint in input/output difference, which is the precondition to ameliorate the complexity of attacks. We propose an algorithm which can greatly reduce the searching complexity to find such trails efficiently since the search space exponentially expands to find impossible differentials with multiple active bits. There is another situation leading to the contradiction in impossible differentials except for miss-in-the-middle. We show how the contradiction happens and conclude the precondition of it defined as miss-from-the-middle. It makes our results more comprehensive by applying these two approach simultaneously. This paper gives for the first time impossible differential characteristics with multiple active bits for SIMON and SIMECK, leading to a great increase in the number. The results can be verified not only by covering the state-of-art, but also by the MILP model.

scholarly journals Revisiting Impossible Differential Distinguishers of Two Generalized Feistel Structures

2021 ◽  
Vol 2021 ◽  
pp. 1-10
Author(s):  
Xuan Shen ◽  
Lei Cheng ◽  
Bing Sun ◽  
Jun He
Keyword(s):  
Block Ciphers ◽  
Differential Attack ◽  
Negative Numbers ◽  
Round Function ◽  
Linear Layer ◽  
Impossible Differential ◽  
Impossible Differential Attack

Impossible differential attack is one of the most effective cryptanalytic methods for block ciphers. Its key step is to construct impossible differential distinguishers as long as possible. In this paper, we mainly focus on constructing longer impossible differential distinguishers for two kinds of generalized Feistel structures which are m -dataline CAST256-like and MARS-like structures. When their round function takes Substitution Permutation SP and Substitution Permutation Substitution SPS types, they are called CAST 256 SP / CAST 256 SPS and MARS SP / MARS SPS , respectively. For CAST 256 SP / CAST 256 SPS , the best known result for the length of the impossible differential distinguisher was m 2 + m / m 2 + m − 1 rounds, respectively. With the help of the linear layer P , we can construct m 2 + m + Λ 0 / m 2 + m + Λ 1 -round impossible differential distinguishers, where Λ 0 and Λ 1 are non-negative numbers if P satisfies some restricted conditions. For MARS SPS , the best known result for the length of the impossible differential distinguisher was 3 m − 1 rounds. We can construct 3 m -round impossible differential distinguishers which are 1 round longer than before. To our knowledge, the results in this paper are the best for the two kinds of generalized Feistel structures.

scholarly journals Improved Impossible Differentials and Zero-Correlation Linear Hulls of New Structure III

2021 ◽  
Vol 2021 ◽  
pp. 1-11
Author(s):  
Jun He ◽  
Xuan Shen ◽  
Guoqiang Liu
Keyword(s):  
Block Cipher ◽  
Characteristic Matrix ◽  
Linear Cryptanalysis ◽  
The Core ◽  
Round Function ◽  
Linear Layer ◽  
Zero Correlation ◽  
Impossible Differential ◽  
Impossible Differentials ◽  
Impossible Differential Cryptanalysis

Impossible differential cryptanalysis and zero-correlation linear cryptanalysis are two kinds of most effective tools for evaluating the security of block ciphers. In those attacks, the core step is to construct a distinguisher as long as possible. In this paper, we focus on the security of New Structure III, which is a kind of block cipher structure with excellent resistance against differential and linear attacks. While the best previous result can only exploit one-round linear layer P to construct impossible differential and zero-correlation linear distinguishers, we try to exploit more rounds to find longer distinguishers. Combining the Miss-in-the-Middle strategy and the characteristic matrix method proposed at EUROCRYPT 2016, we could construct 23-round impossible differentials and zero-correlation linear hulls when the linear layer P satisfies some restricted conditions. To our knowledge, both of them are 1 round longer than the best previous works concerning the two cryptanalytical methods. Furthermore, to show the effectiveness of our distinguishers, the linear layer of the round function is specified to the permutation matrix of block cipher SKINNY which was proposed at CRYPTO 2016. Our results indicate that New Structure III has weaker resistance against impossible differential and zero-correlation linear attacks, though it possesses good differential and linear properties.

scholarly journals Correlation Distribution Analysis of a Two-Round Key-Alternating Block Cipher

2019 ◽  
Vol 73 (1) ◽  
pp. 109-130
Author(s):  
Liliya Kraleva ◽  
Vincent Rijmen ◽  
Nikolai L. Manev
Keyword(s):  
Block Cipher ◽  
Block Ciphers ◽  
Distribution Analysis ◽  
Correlation Distribution ◽  
Input And Output ◽  
Round Function ◽  
Positive Integers

Abstract In this paper we study two-round key-alternating block ciphers with round function f (x)= x(2t+1)2s, where t, s are positive integers. An algorithm to compute the distribution weight in respect to input and output masks is described. Also, in the case t = 1 the correlation distributions depending on input and output masks are completely determined for arbitrary pairs of masks.

scholarly journals Improved Security Evaluation of SPN Block Ciphers and its Applications in the Single-key Attack on SKINNY

2020 ◽  
pp. 171-191
Author(s):  
Wenying Zhang ◽  
Meichun Cao ◽  
Jian Guo ◽  
Enes Pasalic
Keyword(s):  
Block Cipher ◽  
Internal State ◽  
Block Ciphers ◽  
Security Evaluation ◽  
Algebraic Expression ◽  
Single Pair ◽  
Integral Property ◽  
Simple Method ◽  
Truncated Differential ◽  
Impossible Differentials

In this paper, a new method for evaluating the integral property, truncated and impossible differentials for substitution-permutation network (SPN) block ciphers is proposed. The main assumption is an explicit description/expression of the internal state words in terms of the plaintext (ciphertext) words. By counting the number of times these words occur in the internal state expression, we can evaluate the resistance of a given block cipher to integral and impossible/truncated differential attacks more accurately than previous methods. More precisely, we explore the cryptographic consequences of uneven frequency of occurrences of plaintext (ciphertext) words appearing in the algebraic expression of the internal state words. This approach gives a new family of distinguishers employing different concepts such as the integral property, impossible/truncated differentials and the so-called zero-sum property. We then provide algorithms to determine the maximum number of rounds of such new types of distinguishers for SPN block ciphers. The potential and efficiency of this relatively simple method is confirmed through applications. For instance, in the case of SKINNY block cipher, several 10-round integral distinguishers, all of the 11-round impossible differentials, and a 7-round truncated differential could be determined. For the last case, using a single pair of plaintexts differing in three words so that (a = b = c) ≠ (a’ = b’ = c’), we are able to distinguish 7-round SKINNY from random permutations. More importantly, exploiting our distinguishers, we give the first practical attack on 11-round SKINNY-128-128 in the single-key setting (a theoretical attack reaches 16 rounds). Finally, using the same ideas, we provide a concise explanation on the existing distinguishers for round-reduced AES.

scholarly journals Bright - Proposed Family of Lightweight Block Ciphers for IoT-Enabled Smart Environment

2019 ◽  
Vol 8 (9) ◽  
pp. 584-592
Keyword(s):  
Block Ciphers ◽  
Smart Environment ◽  
Self Similarity ◽  
Lightweight Cryptography ◽  
New Family ◽  
Impossible Differential ◽  
Similarity Invariant ◽  
Key Sensitivity ◽  
Linear Differential ◽  
And Performance

Lightweight security algorithms are tailored for resource-constrained environment. To improve the efficiency of an algorithm, usually, a tradeoff is involved in lightweight cryptography in terms of its memory requirements and speed. This paper proposes a software-oriented new family of lightweight block ciphers, BRIGHT. Proposed family of ciphers support a range of block and key sizes for constraint environment. BRIGHT family has 6 variants and all variants fulfill Strict Avalanche Criteria and key sensitivity test. It is believed that BRIGHT family of ciphers provides better security and performance in IoT-enabled smart environment. Our aim, while designing BRIGHT is to enhance the cipher for IoT applications. For this, we have used the concept of key whitening that helps to resist against attacks like MITM and brute-force. Round permutation in BRIGHT results in stronger and faster diffusion and provides resistance against linear, differential, impossible differential, related-key rectangle, biclique, MITM, and statistical saturation attack which is likely to be applied to GFN based ciphers. BRIGHT using round constant thwarts attacks like rotational cryptanalysis, self-similarity, invariant attack, related-key attacks, and weak key attacks.

Sign in / Sign up

Export Citation Format

Share Document