Square Attack on Reduced-Round Zodiac Cipher

  • Wen Ji
  • Lei Hu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4991)


Zodiac is a block cipher with 128-bit blocks and designed for the Korean firm SoftForum in 2000. This paper discusses the security of Zodiac against the Square attack. We first construct two 8-round distinguishers to build a basic Square attack against the reduced 9-round Zodiac with 128-bit keys, and then extend this attack to 12, 13, 14, and 15-round Zodiac, which finds their round keys with the complexities 292.3, 2124.8, 2157.2, and 2189.5, respectively. Moreover, our attack can find the round keys of the full 16-round Zodiac with 256-bit keys with a complexity of 2221.7 which is better than the exhaustive search and in this attack we just need 216.5 chosen plaintexts. This result shows that the Square attack is not only applicable to Square-like ciphers but also to ciphers with Feistel structure once more.


block cipher Zodiac square attack 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Lee, C., Jun, K., Jung, M., Park, S., Kim, J.: Zodiac Version 1.0 (revised) Architecture and Specification, Standardization Workshop on Information Security Technology, Korean Contribution on MP18033, ISO/IEC JTC1/SC27 N2563, 2000 (2000), http://www.kisa.or.kr/seed/index.html
  2. 2.
    Hong, D., Sung, J., Moriai, S., Lee, S., Lim, J.: Impossible Differential Cryptanalysis of Zodiac. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 300–311. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  3. 3.
    Daemen, J., Knudsen, L., Rijmen, V.: The Block Cipher Square. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  4. 4.
    Lucks, S.: The Saturation Attack - a Bait for Twofish. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 1–15. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  5. 5.
    D’Halluin, C., Bijnens, G., Rijmen, V., Preneel, B.: Attack on Six Rounds of Crypton. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 46–59. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  6. 6.
    Ferguson, N., Kelsey, J., Lucks, S., Schneier, B., Stay, M., Wagner, D., Whiting, D.: Improved Cryptanalysis of Rijndael. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 213–230. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. 7.
    Knudsen, L., Wagner, D.: Integral cryptanalysis. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 112–127. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  8. 8.
    Yeom, Y., Park, S., Kim, I.: On the Security of Camellia against the Square Attack. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 89–99. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  9. 9.
    Hwang, K., Lee, W., Lee, S., Lee, S., Lim, J.: Saturation Attacks on Reduced Round Skipjack. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 100–111. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Wu, W., Zhang, W., Feng, D.: Improved Integral Cryptanalysis of FOX Block Cipher. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 229–241. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    He, Y., Qing, S.: Square Attack on Reduced Camellia Cipher. In: Qing, S., Okamoto, T., Zhou, J. (eds.) ICICS 2001. LNCS, vol. 2229, pp. 238–245. Springer, Heidelberg (2001)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Wen Ji
    • 1
  • Lei Hu
    • 1
  1. 1.State Key Laboratory of Information SecurityGraduate School of Chinese Academy of SciencesBeijingChina

Personalised recommendations