Impossible Differential Cryptanalysis of Zodiac

  • Deukjo Hong
  • Jaechul Sung
  • Shiho Moriai
  • Sangjin Lee
  • Jongin Lim
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2355)


We discuss the impossible differential cryptanalysis of the block cipher Zodiac [7]. The main design principles of Zodiac are simplicity and efficiency. However the diffusion layer in its round function is too simple to offer enough security. An impossible differential cryptanalysis is a proper method to attack the weakness of Zodiac. Our attack using two 14-round impossible characteristics derives 128-bit master key of the full 16-round Zodiac with its complexity 2119 encryption times faster than the exhaustive search. The efficiency of the attack compared with exhaustive search increases as the key size increases.


  1. 1.
    I. Ben-Aroya and E. Biham, Differential Cryptanalysis of Lucifer, Journal of Cryptology, vol. 9, no. 1, pp. 21–34, 1996.zbMATHCrossRefGoogle Scholar
  2. 2.
    E. Biham, A. Biryukov, and A. Shamir, Cryptanalysis of skipjack reduced to 31 rounds using impossible differentials, Advances in Cryptology — EUROCRYPT’99, LNCS 1592, Springer-Verlag, 1999, pp. 12–23.Google Scholar
  3. 3.
    E. Biham and A. Shamir, Differential cryptanalysis of DES-like cryptosystems, Advances in Cryptology — CRYPTO’90, LNCS 537, Springer-Verlag, 1991, pp. 2–21.Google Scholar
  4. 4.
    L. Brown, J. Pieprzyk, and J. Seberry, LOKI-A cryptographic primitive for authentication and secrecy applications, Advances in Cryptology — AUSCRYPT’90, LNCS 453, pp. 229–236, Springer-Verlag, 1990.CrossRefGoogle Scholar
  5. 5.
    L. R. Knudsen, Truncated and Higher Order Differential, Fast Software Encryption Workshop 94, LNCS 1008, pp. 229–236, Springer-Verlag, 1995.Google Scholar
  6. 6.
    L. R. Knudsen and T. Jakobsen, The Interpolation Attack on Block Ciphers, Fast Software Encryption Workshop 97, LNCS 1267, pp. 28–40, Springer-Verlag, 1997.Google Scholar
  7. 7.
    ChangHyi Lee, KyungHwa Jun, MinSuk Jung, SangBae Park, and JongDeok Kim, Zodiac Version 1.0(revised) Architecture and Specification, Standardization Workshop on Information Security Technology 2000, Korean Contribution on MP18033, ISO/IEC JTC1/SC27 N2563, 2000, Available at the KISA’s web page,
  8. 8.
    S. Moriai, T. Shimoyama, and T. Kaneko, Higher Order Differential Attack of a CAST cipher, Fast Software Encryption Workshop 98, LNCS 1372, pp. 17–31, Springer-Verlag, 1998.CrossRefGoogle Scholar
  9. 9.
    B. Van Rompay, L. R. Knudsen, and V. Rijmen, Differential cryptanalysis of the ICE encryption algorithm, Fast Software Encryption Workshop 98, LNCS 1372, pp. 270–283, Springer-Verlag, 1998.CrossRefGoogle Scholar
  10. 10.
    A. Shimizu and S. Miyaguchi, Fast Data Encipherment Algorithm FEAL, Advances in Cryptology — EUROCRYPT’87, LNCS 304, pp. 267–278, Springer-Verlag, 1988.Google Scholar
  11. 11.
    D. Wagner, The boomerang attack, Fast Software Encryption Workshop 99, LNCS 1636, pp. 156–170, Springer-Verlag, 1999.CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Deukjo Hong
    • 1
  • Jaechul Sung
    • 1
  • Shiho Moriai
    • 2
  • Sangjin Lee
    • 1
  • Jongin Lim
    • 1
  1. 1.Center for Information Security Technologies(CIST)Korea UniversitySeoulKorea
  2. 2.NTT LaboratoriesYokosukaJapan

Personalised recommendations