New Insights on Impossible Differential Cryptanalysis

  • Charles Bouillaguet
  • Orr Dunkelman
  • Pierre-Alain Fouque
  • Gaëtan Leurent
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7118)


Since its introduction, impossible differential cryptanalysis has been applied to many ciphers. Besides the specific application of the technique in various instances, there are some very basic results which apply to generic structures of ciphers, e.g., the well known 5-round impossible differential of Feistel ciphers with bijective round functions.

In this paper we present a new approach for the construction and the usage of impossible differentials for Generalized Feistel structures. The results allow to extend some of the previous impossible differentials by one round (or more), answer an open problem about the ability to perform this kind of analysis, and tackle, for the first time the case of non-bijective round functions.


Impossible differential cryptanalysis Miss in the middle Generalized Feistel Matrix method 


  1. 1.
    Adams, C., Heys, H., Tavares, S., Wiener, M.: The CAST-256 Encryption Algorithm (1998); AES Submission Google Scholar
  2. 2.
    Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai, S., Nakajima, J., Tokita, T.: Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms - Design and Analysis. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 39–56. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 12–23. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  4. 4.
    Biham, E., Biryukov, A., Shamir, A.: Miss in the Middle Attacks on IDEA and Khufu. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 124–138. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  5. 5.
    Biham, E., Shamir, A.: Differential Cryptanalysis of the Data Encryption Standard. Springer, Heidelberg (1993)CrossRefzbMATHGoogle Scholar
  6. 6.
    Burwick, C., Coppersmith, D., D’Avignon, E., Gennaro, R., Halevi, S., Jutla, C., Matyas Jr., S.M., O’Connor, L., Peyravian, M., Safford, D., Zunic, N.: MARS - a candidate cipher for AES (1998); AES submissionGoogle Scholar
  7. 7.
    Choy, J., Yap, H.: Impossible Boomerang Attack for Block Cipher Structures. In: Takagi, T., Mambo, M. (eds.) IWSEC 2009. LNCS, vol. 5824, pp. 22–37. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  8. 8.
    Daemen, J., Rijmen, V.: AES Proposal: Rijndael (1998); NIST AES proposalGoogle Scholar
  9. 9.
    Keliher, L., Sui, J.: Exact Maximum Expected Differential and Linear Probability for 2-Round Advanced Encryption Standard (AES) (2005); IACR ePrint report 2005/321Google Scholar
  10. 10.
    Kim, J., Hong, S., Lim, J.: Impossible differential cryptanalysis using matrix method. Discrete Mathematics 310(5), 988–1002 (2010)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Kim, J., Hong, S., Sung, J., Lee, S., Lim, J., Sung, S.: Impossible Differential Cryptanalysis for Block Cipher Structures. In: Johansson, T., Maitra, S. (eds.) INDOCRYPT 2003. LNCS, vol. 2904, pp. 82–96. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  12. 12.
    Knudsen, L.R.: Deal — A 128-bit Block Cipher (1998); AES submissionGoogle Scholar
  13. 13.
    Luo, Y., Wu, Z., Lai, X., Gong, G.: A Unified Method for Finding Impossible Differentials of Block Cipher Structures (2009); IACR ePrint report 2009/627Google Scholar
  14. 14.
    Nyberg, K.: Generalized Feistel Networks. In: Kim, K., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 91–104. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  15. 15.
    O’Connor, L.: On the Distribution of Characteristics in Bijective Mappings. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 360–370. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  16. 16.
    Pudovkina, M.: On Impossible Truncated Differentials of Generalized Feistel and Skipjack Ciphers. Presented at the Rump Session of the FSE 2009 Workshop (2009),
  17. 17.
    Rivest, R.L., Robshaw, M.J., Sidney, R., Yin, Y.L.: The RC6 Block Cipher (1998); AES submissionGoogle Scholar
  18. 18.
    US Government: SKIPJACK and KEA Algorithm Specification (1998)Google Scholar
  19. 19.
    US National Institute of Standards and Technology: Advanced Encryption Standard (2001); Federal Information Processing Standards Publications No. 197Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Charles Bouillaguet
    • 1
  • Orr Dunkelman
    • 2
    • 3
  • Pierre-Alain Fouque
    • 1
  • Gaëtan Leurent
    • 4
  1. 1.Département d’InformatiqueÉcole normale supérieureParisFrance
  2. 2.Computer Science DepartmentUniversity of HaifaHaifaIsrael
  3. 3.Faculty of Mathematics and Computer ScienceWeizmann Institute of ScienceRehovotIsrael
  4. 4.Faculty of Science, Technology and CommunicationsUniversity of LuxembourgLuxembourg

Personalised recommendations