Date: 21 Jun 2002

Impossible Differential Cryptanalysis of Zodiac

Abstract

We discuss the impossible differential cryptanalysis of the block cipher Zodiac [7]. The main design principles of Zodiac are simplicity and efficiency. However the diffusion layer in its round function is too simple to offer enough security. An impossible differential cryptanalysis is a proper method to attack the weakness of Zodiac. Our attack using two 14-round impossible characteristics derives 128-bit master key of the full 16-round Zodiac with its complexity 2119 encryption times faster than the exhaustive search. The efficiency of the attack compared with exhaustive search increases as the key size increases.

This work is supported in part by the Ministry of Information & Communication of Korea (“Support Project of University Information Technology Research Center” supervised by IITA)