Improved Cryptanalysis of the FOX Block Cipher

  • Zhongming Wu
  • Yiyuan Luo
  • Xuejia Lai
  • Bo Zhu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6163)


In this paper, we analyze the pseudorandomness of the high level structure of FOX64, and describe a 2-round pseudorandomness distinguisher and a 3-round strong pseudorandomness distinguisher, and thus prove that 3-round and 4-round are necessary to achieve the pseudorandomness and strong pseudorandomness respectively. We also find a 4-round impossible difference characteristic. By using it, an adversary can attack 5, 6 and 7-round FOX64 with 269, 2133 and 2197 encryptions respectively. which improves the best known attack by a factor of 240.4. This attack can be extended to 5-round FOX128 with 2133 encryptions.


pseudorandomness block cipher FOX impossible difference 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 12–23. Springer, Heidelberg (1999)Google Scholar
  2. 2.
    Biham, E., Biryukov, A., Shamir, A.: Miss in the middle attacks on IDEA. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 124–138. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  3. 3.
    Junod, P., Vaudenay, S.: FOX: a new family of block ciphers. In: Selected Areas in Cryptography - SAC 2004. LNCS, vol. 2595, pp. 131–146. Springer, Heidelberg (2004)Google Scholar
  4. 4.
    Knudsen, L.: DEAL A 128-bit block cipher. NIST AES Proposal (1998)Google Scholar
  5. 5.
    Lai, X., Massey, J.: A proposal for a new block encryption standard. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 389–404. Springer, Heidelberg (1991)Google Scholar
  6. 6.
    Lai, X.: On the design and security of block ciphers. ETH Series in Information Processing, vol. 1. Hartung-Gorre Verlag, Konstanz (1992)Google Scholar
  7. 7.
    Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM Journal on Computing 12(1), 373–386 (1988)CrossRefMathSciNetGoogle Scholar
  8. 8.
    Maurer, U.: A simplified and generalized treatment of Luby-Rackoff pseudorandom permutation generators. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 239–255. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  9. 9.
    Mediacrypt homepage,
  10. 10.
    Trusted Computing Group,
  11. 11.
    Moriai, S., Vaudenay, S.: On the pseudorandomness of top-level schemes of block ciphers. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 289–302. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  12. 12.
    Naor, M., Reingold, O.: On the construction of pseudorandom permutations: Luby-Rackoff revisited. Journal of Cryptology 12(1), 29–66 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    Trusted Computing Group: Summary of features under consideration for the next generation of TPMGoogle Scholar
  14. 14.
    Nakahara, J.: An analysis of FOX. In: Brazilian Symposium on Information and Computer System Security 2008 (2008)Google Scholar
  15. 15.
    Patarin, J.: How to construct pseudorandom and super pseudorandom permutations from one single pseudorandom function. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 256–266. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  16. 16.
    Vaudenay, S.: Provable security for block ciphers by decorrelation. In: Meinel, C., Morvan, M. (eds.) STACS 1998. LNCS, vol. 1373, pp. 249–275. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  17. 17.
    Vaudenay, S.: On the Lai-Massey scheme. In: Lam, K.-Y., Okamoto, E., Xing, C. (eds.) ASIACRYPT 1999. LNCS, vol. 1716, pp. 8–19. Springer, Heidelberg (1999)Google Scholar
  18. 18.
    Wu, W., Zhang, W., Feng, D.: Improved integral cryptanalysis of FOX block cipher. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 229–241. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  19. 19.
    Sadeghiyan, B., Pieprzyk, J.: On necessary and sufficient conditions for the construction of super pseudorandom permutations. In: Matsumoto, T., Imai, H., Rivest, R.L. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 194–209. Springer, Heidelberg (1993)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Zhongming Wu
    • 1
  • Yiyuan Luo
    • 1
  • Xuejia Lai
    • 1
  • Bo Zhu
    • 1
  1. 1.Department of Computer Science and EngineeringShanghai Jiaotong UniversityChina

Personalised recommendations