Skip to main content
SpringerLink
Log in

Some Results Using the Matrix Methods on Impossible, Integral and Zero-Correlation Distinguishers for Feistel-Like Ciphers

  • Conference paper
  • First Online:
Progress in Cryptology -- INDOCRYPT 2015 (INDOCRYPT 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9462))

Included in the following conference series:

Abstract

While many recent publications have shown strong relations between impossible differential, integral and zero-correlation distinguishers for SPNs and Feistel-like ciphers, this paper tries to bring grist to the mill to this research direction by first, studying the Type-III, the Source-Heavy (SH) and the Target-Heavy (TH) Feistel-like ciphers regarding those three kinds of distinguishers. Second, this paper tries to make a link between the matrix methods used to find such distinguishers and the adjacency matrix of the graph of a Feistel-like cipher.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    We refer to [5] for the complete table describing the XOR effect in the matrix method.

  2. 2.

    In particular a coefficient 2 could not appear due to the restricted previous definition where a receiver could not receive twice.

References

  1. Arnault, F., Berger, T.P., Minier, M., Pousse, B.: Revisiting LFSRs for cryptographic applications. IEEE Trans. Inf. Theory 57(12), 8095–8113 (2011)

    Article  MathSciNet  Google Scholar 

  2. Berger, T.P., Minier, M., Thomas, G.: Extended generalized feistel networks using matrix representation. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 289–305. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  3. Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 12–23. Springer, Heidelberg (1999)

    Google Scholar 

  4. Blondeau, C., Bogdanov, A., Wang, M.: On the (In)equivalence of impossible differential and zero-correlation distinguishers for Feistel- and Skipjack-type ciphers. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 271–288. Springer, Heidelberg (2014)

    Google Scholar 

  5. Blondeau, C., Minier, M.: Analysis of impossible, integral and zero-correlation attacks on type-ii generalized Feistel networks using the matrix method. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 92–113. Springer, Heidelberg (2015)

    Chapter  Google Scholar 

  6. Blondeau, C., Minier, M.: Relations between Impossible, Integral and Zero-correlation Key-Recovery Attacks (extended version). Cryptology ePrint Archive, Report 2015/141 (2015). http://eprint.iacr.org/

  7. Bogdanov, A., Leander, G., Nyberg, K., Wang, M.: Integral and multidimensional linear distinguishers with correlation zero. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 244–261. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  8. Bogdanov, A., Rijmen, V.: Zero-correlation linear cryptanalysis of block ciphers. IACR Cryptology ePrint Arch. 2011, 123 (2011)

    Google Scholar 

  9. Bouillaguet, C., Dunkelman, O., Fouque, P.-A., Leurent, G.: New insights on impossible differential cryptanalysis. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 243–259. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  10. Kim, J.-S., Hong, S.H., Sung, J., Lee, S.-J., Lim, J.-I., Sung, S.H.: Impossible differential cryptanalysis for block cipher structures. In: Johansson, T., Maitra, S. (eds.) INDOCRYPT 2003. LNCS, vol. 2904, pp. 82–96. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  11. Knudsen, L.: DEAL-a 128-bit block cipher. Complexity 258(2), 216 (1998)

    Google Scholar 

  12. Knudsen, L., Wagner, D.: Integral cryptanalysis nes/doc/uib/wp5/015. NESSIE Report (2001). http://www.cosic.esat.kuleuven.be/nessie/reports/phase2/uibwp5-015-1.pdf

  13. Knudsen, L.R., Wagner, D.: Integral cryptanalysis. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 112–127. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  14. Luo, Y., Lai, X., Wu, Z., Gong, G.: A unified method for finding impossible differentials of block cipher structures. Inf. Sci. 263, 211–220 (2014)

    Article  Google Scholar 

  15. Soleimany, H., Nyberg, K.: Zero-correlation linear cryptanalysis of reduced-round LBlock. Des. Codes Crypt. 73(2), 683–698 (2014)

    Article  MATH  MathSciNet  Google Scholar 

  16. Sun, B., Liu, Z., Rijmen, V., Li, R., Cheng, L., Wang, Q., Alkhzaimi, H., Li, C.: Links among impossible differential, integral and zero correlation linear cryptanalysis. Cryptology ePrint Archive, Report 2015/181 (2015). http://eprint.iacr.org/

  17. Sun, B., Liu, Z., Rijmen, V., Li, R., Cheng, L., Wang, Q., Alkhzaimi, H., Li, C.: Links among impossible differential, integral and zero correlation linear cryptanalysis. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part I. LNCS, vol. 9215, pp. 95–115. Springer, Heidelberg (2015)

    Chapter  Google Scholar 

  18. Suzaki, T., Minematsu, K.: Improving the generalized Feistel. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 19–39. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  19. Wu, S., Wang, M.: Automatic search of truncated impossible differentials for word-oriented block ciphers. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 283–302. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  20. Yanagihara, S., Iwata, T.: Improving the permutation layer of type 1, type 3, source-heavy, and target-heavy generalized Feistel structures. IEICE Trans. 96–A(1), 2–14 (2013)

    Article  Google Scholar 

  21. Zhang, W., Su, B., Wu, W., Feng, D., Wu, C.: Extending higher-order integral: an efficient unified algorithm of constructing integral distinguishers for block ciphers. In: Bao, F., Samarati, P., Zhou, J. (eds.) ACNS 2012. LNCS, vol. 7341, pp. 117–134. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

Download references

Acknowledgment

The authors would like to thank Céline Blondeau for our fruitful discussions and the anonymous referees for their valuable comments. This work was partially supported by the French National Agency of Research: ANR-11-INS-011.

Author information

Authors and Affiliations

  1. XLIM (UMR CNRS 7252), Université de Limoges, 123 Avenue A. Thomas, 87060, Limoges Cedex, France

    Thierry P. Berger

  2. INRIA, INSA-Lyon, CITI, Université de Lyon, Lyon, France

    Marine Minier

Authors
  1. Thierry P. Berger
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Marine Minier
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Marine Minier .

Editor information

Editors and Affiliations

  1. Luxembourg, Luxembourg

    Alex Biryukov

  2. Microsoft Research India, Banglore, India

    Vipul Goyal

Appendices

A ZC Distinguishers on 19 Rounds of Type-I and on 12 Rounds of Four-Cell

1.1 A.1 ZC Distinguishers on 19 Rounds of Type-I

If the round function of a Type-I is bijective, then the 19-round ZC linear hull \((l_1,0,0,0)\rightarrow (0,l_1,0,0)\) has zero correlation. The details of this ZC distinguisher is given in Table 6.

Table 6. 19-Round ZC dinstinguisher for Type-I
Full size table
Table 7. 12-Round ZC dinstinguisher for Four-Cell
Full size table

1.2 A.2 ZC Distinguishers on 12 Rounds of Four-Cell

If the round function of Four-Cell is bijective, then the 12-round ZC linear hull \((0,0,0,l_1)\rightarrow (l_2,l_2,l_2,l_2)\) has zero correlation. The details of this ZC distinguisher is given in Table 7.

B Table of the Values of \(d_0\), \(d_1\) and \(d_2\)

It is easy to see that the bounds given in Conjecture 1 are false for SH, TH and Gen-Four-Cell ciphers as for example the best ID distinguisher given by the UID-method on Gen-Four-Cell is on 18 rounds whereas the best value of B is upper bounded by 14.

Table 8. Value of \(d_0\), \(d_1\) and \(d_2\) for different Feistel-like schemes with k branches.
Full size table

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Berger, T.P., Minier, M. (2015). Some Results Using the Matrix Methods on Impossible, Integral and Zero-Correlation Distinguishers for Feistel-Like Ciphers. In: Biryukov, A., Goyal, V. (eds) Progress in Cryptology -- INDOCRYPT 2015. INDOCRYPT 2015. Lecture Notes in Computer Science(), vol 9462. Springer, Cham. https://doi.org/10.1007/978-3-319-26617-6_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-26617-6_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26616-9

  • Online ISBN: 978-3-319-26617-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation