Flaws in Differential Cryptanalysis of Skipjack

  • Louis Granboulan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2355)


This paper is motivated by some results presented by Knudsen, Robshaw and Wagner at Crypto’99 [3], that described many attacks of reduced versions of Skipjack, some of them being erroneous.

Differential cryptanalysis is based on distinguishers, any attack should prove that the events that triggers the analysis has not the same probability for the cipher than for a random function. In particular, the composition of differential for successive parts of a cipher should be done very carefully to lead to an attack.

This revised version of the paper includes the exact computations of some probabilities and repairs the attack of the first half of Skipjack.


  1. 1.
    Eli Biham, Alex Biryukov, and Adi Shamir. Cryptanalysis of skipjack reduced to 31 rounds using impossible differentials. In Jacques Stern, editor, Advances in Cryptology — EUROCRYPT’99, volume 1592 of LNCS, pages 12–23, Prague, May 1999. Springer-Verlag.Google Scholar
  2. 2.
    Eli Biham and Adi Shamir. Differential cryptanalysis of DES-like cryptosystems. Journal of Cryptology, 4(1):3–72, 1991.zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    Lars R. Knudsen, M.J.B. Robshaw, and David Wagner. Truncated differentials and skipjack. In Michael Wiener, editor, Advances in Cryptology — CRYPTO’99, volume 1666 of LNCS, pages 165–180, Santa-Barbara, California, August 1999. Springer-Verlag.CrossRefGoogle Scholar
  4. 4.
    Xuejia Lai, James L. Massey, and Sean Murphy. Markov ciphers and differential cryptanalysis. In Donald Watts Davies, editor, Advances in Cryptology, proceedings of Eurocrypt’91, volume 547 of LNCS, pages 17–38, Brighton, UK, April 1991. Springer-Verlag.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Louis Granboulan
    • 1
  1. 1.École Normale SupérieureFrance

Personalised recommendations