The notion of a truncated differential was defined by Knudsen in  and was applied to cryptanalyse the cipher SAFER due to its word-oriented operations . Truncated differentials are an extension of the notion of differentials, used in differentialcryptanalysis. The main idea is to leave part of the difference unspecified, thus clustering several differentials together. This can be done by specifying m-bit constraints on the whole block (where m is smaller than the block size n), like: (A, -A, B, 2B), where A, B can take any value as was done in ; or by fixing part of the data block to certain value and allowing the rest to vary arbitrarily, like: (0, *, 3, *, 255, *, *), where * may take any value. Such “wild-card” differentials were introduced in the cryptanalysis of the hash-function Snefru . Truncated differentials are a powerful tool against ciphers with word-oriented structure, and play an important role in extensions of differential techniques such as impossible-differentials...
- Biham, E. and A. Shamir (1991). “Differential cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifier.” Advances in Cryptology—CRYPTO'91, Lecture Notes in Computer Science, vol. 576, ed. J. Feigenbaum. Springer-Verlag, Berlin, 156–171.Google Scholar
- Knudsen, L.R. (1995). “Truncated and higher order differentials.” Fast Software Encryption, FSE'94, Lecture Notes in Computer Science, vol. 1008, ed. B. Preneel. Springer-Verlag, Berlin, 196–211.Google Scholar
- Knudesen, L.R. and T.A. Berson (1996). “Truncated differentials of SAFER.” Fast Software Encryption, FSE'96, Lecture Notes in Computer Science, vol. 1039, ed. D. Gollmann. Springer-Verlag, Berlin, 15–26.Google Scholar