Impossible Differential Cryptanalysis for Block Cipher Structures

  • Jongsung Kim
  • Seokhie Hong
  • Jaechul Sung
  • Sangjin Lee
  • Jongin Lim
  • Soohak Sung
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2904)


Impossible Differential Cryptanalysis (IDC) [4] uses impossible differential characteristics to retrieve subkey material for the first or the last several rounds of block ciphers. Thus, the security of a block cipher against IDC can be evaluated by impossible differential characteristics. In this paper, we study impossible differential characteristics of block cipher structures whose round functions are bijective. We introduce a widely applicable method to find various impossible differential characteristics of block cipher structures. Using this method, we find various impossible differential characteristics of known block cipher structures: Nyberg’s generalized Feistel network, a generalized CAST256-like structure [14], a generalized MARS-like structure [14], a generalized RC6-like structure [14], and the Rijndael structure.


Keywords: Impossible Differential Cryptanalysis (IDC); impossible differential characteristic; block cipher structures




  1. Adams, C.M.: The CAST-256 Encryption Algorithm. In: AES Proposal (1998)
  2. Aoki, K., Ohta, K.: Strict evaluation of the maximum average of differential probability and the maximum average of linear probability. IEICE Transactions Fundamentals of Electronics, Communications and Computer Sciences (1), 2–8 (1997)
  3. Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991)
  4. Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of skipjack reduced to 31 rounds using impossible differentials. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 12–23. Springer, Heidelberg (1999)
  5. Burwick, C., Coppersmith, D., D’Avignon, E., Gennaro, R., Halevi, S., Jutla, C., Matyas, S.M., O’Connor, L., Peyravian, M., Safford, D., Zunic, N.: MARS – A Candidate Cipher for AES. In: AES Proposal (1998)
  6. Cheon, J., Kim, M., Kim, K., Lee, J.: Improved Impossible Differential Cryptanalysis of Rijndael and Crypton. In: Kim, K.-c. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 39–49. Springer, Heidelberg (2002)
  7. Daemen, J., Rijndael, V.: The Rijndael block cipher. In: AES proposal (1998)
  8. Hong, S., Lee, S., Lim, J., Sung, J., Choen, D., Cho, I.: Provable Security against Differential and Linear Cryptanalysis for the SPN structure. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 273–283. Springer, Heidelberg (2001)
  9. Hong, S., Sung, J., Lee, S., Lim, J., Kim, J.: Provable Security for 13 round Skipjack-like Structure. Information Processing Letters 82, 243–246 (2002)
  10. Knudsen, L.R.: DEAL - A 128-bit Block Cipher. In: AES Proposal (1998)
  11. Knudsen, L., Wagner, D.: Integral cryptanalysis. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 112–127. Springer, Heidelberg (2002)
  12. Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)
  13. Matsui, M.: New structure of block ciphers with provable security against differential and linear cryptanalysis. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 205–218. Springer, Heidelberg (1996)
  14. Moriai, S., Vaudenay, S.: On the Pseudorandomness of Top-Level Schemes of Block Ciphers. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 289–302. Springer, Heidelberg (2000)
  15. National Security Agency. NSA Releases Fortezza Algorithms. Press Release, June 24 (1998), Available at
  16. Nyberg, K., Knudsen, L.R.: Provable security against differential cryptanalysis. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 566–574. Springer, Heidelberg (1993)
  17. Nyberg, K.: Generalized Feistel Networks. In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 91–104. Springer, Heidelberg (1996)
  18. Rivest, R.L., Robshaw, M.J.B., Sidney, R., Yin, Y.L.: The RC6 block cipher. In: AES Proposal (1998)
  19. Sung, J., Lee, S., Lim, J., Hong, S., Park, S.: Provable Security for the Skipjack-like Structure against Differential Cryptanalysis and Linear Cryptanalysis. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 274–288. Springer, Heidelberg (2000)

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Jongsung Kim (1)
  • Seokhie Hong (1)
  • Jaechul Sung (2)
  • Sangjin Lee (1)
  • Jongin Lim (1)
  • Soohak Sung (3)

  1. Center for Information Security Technologies (CIST), Korea University, Seoul, Korea
  2. Korea Information Security Agency (KISA), Seoul, KOREA
  3. Beajea University, Deajoan, KOREA
