Integrals Go Statistical: Cryptanalysis of Full Skipjack Variants

  • Meiqin WangEmail author
  • Tingting Cui
  • Huaifeng Chen
  • Ling Sun
  • Long Wen
  • Andrey Bogdanov
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9783)


Integral attacks form a powerful class of cryptanalytic techniques that have been widely used in the security analysis of block ciphers. The integral distinguishers are based on balanced properties holding with probability one. To obtain a distinguisher covering more rounds, an attacker will normally increase the data complexity by iterating through more plaintexts with a given structure under the strict limitation of the full codebook. On the other hand, an integral property can only be deterministically verified if the plaintexts cover all possible values of a bit selection. These circumstances have somehow restrained the applications of integral cryptanalysis.

In this paper, we aim to address these limitations and propose a novel statistical integral distinguisher where only a part of value sets for these input bit selections are taken into consideration instead of all possible values. This enables us to achieve significantly lower data complexities for our statistical integral distinguisher as compared to those of traditional integral distinguisher. As an illustration, we successfully attack the full-round Skipjack-BABABABA for the first time, which is the variant of NSA’s Skipjack block cipher.


Block cipher Statistical integral Integral attack Skipjack-BABABABA 



This work has been supported by 973 Program (No. 2013C B834205), NSFC Projects (No. 61133013, No. 61572293), Program for New Century Excellent Talents in University of China (NCET- 13-0350).


  1. 1.
    Aumasson, J.P., Meier, W.: Zero-Sum Distinguishers for Reduced Keccak-f and for the Core Functions of Luffa and Hamsi. Presented at the rump session of Cryptographic Hardware and Embedded Systems- CHES 2009 (2009)Google Scholar
  2. 2.
    Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of skipjack reduced to 31 rounds using impossible differentials. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 12–23. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  3. 3.
    Biryukov, A., Shamir, A.: Structural cryptanalysis of SASAS. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 394–405. Springer, Heidelberg (2001)Google Scholar
  4. 4.
    Blondeau, C., Nyberg, K.: Links between truncated differential and multidimensional linear properties of block ciphers and underlying attack complexities. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 165–182. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  5. 5.
    Bogdanov, A., Leander, G., Nyberg, K., Wang, M.: Integral and multidimensional linear distinguishers with correlation zero. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 244–261. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  6. 6.
    Collard, B., Standaert, F.-X.: A statistical saturation attack against the block cipher PRESENT. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 195–210. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  7. 7.
    Daemen, J., Knudsen, L.R., Rijmen, V.: The block cipher SQUARE. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  8. 8.
    Ferguson, N., Kelsey, J., Lucks, S., Schneier, B., Stay, M., Wagner, D., Whiting, D.L.: Improved cryptanalysis of rijndael. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 213–230. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. 9.
    Fergnson, T.S.: A Course in Large Sample Theory. Chapman and Hall, London (1996)CrossRefGoogle Scholar
  10. 10.
    Knudsen, L.R., Robshaw, M., Wagner, D.: Truncated differentials and skipjack. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 165–180. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  11. 11.
    Knudsen, L.R., Wagner, D.: Integral cryptanalysis. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 112–127. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  12. 12.
    Knudsen, L.R., Wagner, D.: On the structure of skipjack. Discrete Appl. Math. 111(1–2), 103–116 (2001). ElsevierMathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    Leander, G.: On linear hulls, statistical saturation attacks, PRESENT and a cryptanalysis of PUFFIN. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 303–322. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  14. 14.
    Lehmann, E.L.: Elements of Large-Sample Theory. Springer, New York (1999)CrossRefzbMATHGoogle Scholar
  15. 15.
    Lucks, S.: The saturation attack - a bait for twofish. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 1–15. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  16. 16.
    Moriai, S., Shimoyama, T., Kaneko, T.: Higher order differential attack of a CAST cipher. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, pp. 17–31. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  17. 17.
    Sasaki, Y., Wang, L.: Meet-in-the-middle technique for integral attacks against feistel ciphers. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 234–251. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  18. 18.
    Skipjack and KEA Algorithm Specifications, Version 2.0, 29. Available at the National Institute of Standards and Technology’s web page, May 1998.
  19. 19.
    Sun, B., Liu, Z., Rijmen, V., Li, R., Cheng, L., Wang, Q., Alkhzaimi, H., Li, C.: Links among Impossible Differential, Integral and Zero Correlation Linear Cryptanalysis.
  20. 20.
    Vaudenay, S.: An experiment on DES statistical cryptanalysis. In: Proceedings of the 3rd ACM Conference on Computer and Communications Security, pp. 139–147. ACM (1996)Google Scholar
  21. 21.
    Wu, S., Wang, M.: Integral attacks on reduced-round PRESENT. In: Qing, S., Zhou, J., Liu, D. (eds.) ICICS 2013. LNCS, vol. 8233, pp. 331–345. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  22. 22.
    Z’aba, M.R., Raddum, H., Henricksen, M., Dawson, E.: Bit-pattern based integral attack. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 363–381. Springer, Heidelberg (2008)CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  • Meiqin Wang
    • 1
    • 2
    Email author
  • Tingting Cui
    • 1
  • Huaifeng Chen
    • 1
  • Ling Sun
    • 1
  • Long Wen
    • 1
  • Andrey Bogdanov
    • 3
  1. 1.Key Laboratory of Cryptologic Technology and Information Security, Ministry of EducationShandong UniversityJinanChina
  2. 2.State Key Laboratory of CryptologyBeijingChina
  3. 3.Technical University of DenmarkKongens LyngbyDenmark

Personalised recommendations