On the (In)Equivalence of Impossible Differential and Zero-Correlation Distinguishers for Feistel- and Skipjack-Type Ciphers

For many word-oriented block ciphers, impossible differential (ID) and zero-correlation linear (ZC) cryptanalyses are among the most powerful attacks. Whereas ID cryptanalysis makes use of differentials which never occur, the ZC cryptanalysis relies on linear approximations with correlations equal to zero. While the key recovery parts of ID and ZC attacks may differ and are often specific to the target cipher, the underlying distinguishing properties frequently cover the same number of rounds. However, in some cases, the discrepancy between the best known IDs and ZC approximations is rather significant.

[1]  T. Suzaki,et al.  TWINE : A Lightweight , Versatile Block Cipher , 2011 .

[2]  Kazuhiko Minematsu,et al.  Improving the Generalized Feistel , 2010, FSE.

[3]  Kwangjo Kim,et al.  Advances in Cryptology — ASIACRYPT '96 , 1996, Lecture Notes in Computer Science.

[4]  Mingsheng Wang,et al.  Automatic Search of Truncated Impossible Differentials for Word-Oriented Block Ciphers , 2012, INDOCRYPT.

[5]  Serge Vaudenay,et al.  On the Pseudorandomness of Top-Level Schemes of Block Ciphers , 2000, ASIACRYPT.

[6]  Kaisa Nyberg,et al.  New Links Between Differential and Linear Cryptanalysis , 2015, IACR Cryptol. ePrint Arch..

[7]  Khoongming Khoo,et al.  Cryptographic Properties and Application of a Generalized Unbalanced Feistel Network Structure , 2009, ACISP.

[8]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[9]  Mridul Nandi,et al.  Progress in Cryptology - INDOCRYPT 2012 , 2012, Lecture Notes in Computer Science.

[10]  Eli Biham,et al.  Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials , 1999 .

[11]  Guang Gong,et al.  A unified method for finding impossible differentials of block cipher structures , 2014, Inf. Sci..

[12]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[13]  Andrey Bogdanov,et al.  Multidimensional zero-correlation attacks on lightweight block cipher HIGHT: Improved cryptanalysis of an ISO standard , 2014, Inf. Process. Lett..

[14]  Vincent Rijmen,et al.  Linear hulls with correlation zero and linear cryptanalysis of block ciphers , 2014, Des. Codes Cryptogr..

[15]  Eli Biham,et al.  Differential cryptanalysis of DES-like cryptosystems , 1990, Journal of Cryptology.

[16]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[17]  Kaisa Nyberg,et al.  Generalized Feistel Networks , 1996, ASIACRYPT.

[18]  Kazuhiko Minematsu,et al.  $\textnormal{\textsc{TWINE}}$ : A Lightweight Block Cipher for Multiple Platforms , 2012, Selected Areas in Cryptography.

[19]  Martijn Stam,et al.  Understanding Adaptivity: Random Systems Revisited , 2012, ASIACRYPT.

[20]  Tatsuaki Okamoto,et al.  Advances in Cryptology — ASIACRYPT 2000 , 2000, Lecture Notes in Computer Science.

[21]  Jianying Zhou,et al.  Information and Communications Security , 2013, Lecture Notes in Computer Science.

[22]  Andrey Bogdanov,et al.  Multidimensional Zero-Correlation Linear Cryptanalysis of E2 , 2014, AFRICACRYPT.

[23]  Jacques Stern,et al.  Advances in Cryptology — EUROCRYPT ’99 , 1999, Lecture Notes in Computer Science.

[24]  Kaisa Nyberg,et al.  Links Between Truncated Differential and Multidimensional Linear Properties of Block Ciphers and Underlying Attack Complexities , 2014, IACR Cryptol. ePrint Arch..

[25]  Serge Vaudenay,et al.  Links Between Differential and Linear Cryptanalysis , 1994, EUROCRYPT.

[26]  Thierry P. Berger,et al.  Extended Generalized Feistel Networks Using Matrix Representation , 2013, Selected Areas in Cryptography.

[27]  Kaisa Nyberg,et al.  Zero-correlation linear cryptanalysis of reduced-round LBlock , 2012, Des. Codes Cryptogr..

[28]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[29]  Wenling Wu,et al.  LBlock: A Lightweight Block Cipher , 2011, ACNS.

[30]  Andrey Bogdanov,et al.  Zero-Correlation Linear Cryptanalysis with FFT and Improved Attacks on ISO Standards Camellia and CLEFIA , 2013, Selected Areas in Cryptography.

[31]  Jongsung Kim,et al.  Impossible differential cryptanalysis using matrix method , 2010, Discret. Math..

[32]  Tor Helleseth,et al.  Advances in Cryptology — EUROCRYPT ’93 , 2001, Lecture Notes in Computer Science.

[33]  Andrey Bogdanov,et al.  Zero Correlation Linear Cryptanalysis with Reduced Data Complexity , 2012, FSE.

[34]  Information Security and Privacy , 1996, Lecture Notes in Computer Science.

[35]  Andrey Bogdanov,et al.  Integral and Multidimensional Linear Distinguishers with Correlation Zero , 2012, ASIACRYPT.

[36]  Phong Q. Nguyen,et al.  Advances in Cryptology – EUROCRYPT 2013 , 2013, Lecture Notes in Computer Science.