Making the Impossible Possible

This paper introduces new techniques and correct complexity analyses for impossible differential cryptanalysis, a powerful block cipher attack. We show how the key schedule of a cipher impacts an impossible differential attack, and we provide a new formula for the time complexity analysis that takes this parameter into account. Further, we show, for the first time, that the technique of multiple differentials can be applied to impossible differential attacks. Then, we demonstrate how this technique can be combined in practice with multiple impossible differentials or with the so-called state-test technique. To support our proposal, we implemented the above techniques on small-scale ciphers and verified their efficiency and accuracy in practice. We apply our techniques to the cryptanalysis of ciphers including AES-128, CRYPTON-128, ARIA-128, CLEFIA-128, Camellia-256 and LBlock. All of our attacks significantly improve previous impossible differential attacks and generally achieve the best memory complexity among all previous attacks against these ciphers.
