2015
DOI: 10.1007/978-3-662-47989-6_5
|View full text |Cite
|
Sign up to set email alerts
|

Links Among Impossible Differential, Integral and Zero Correlation Linear Cryptanalysis

Abstract: Abstract. As two important cryptanalytic methods, impossible differential cryptanalysis and integral cryptanalysis have attracted much attention in recent years. Although relations among other important cryptanalytic approaches have been investigated, the link between these two methods has been missing. The motivation in this paper is to fix this gap and establish links between impossible differential cryptanalysis and integral cryptanalysis.Firstly, by introducing the concept of structure and dual structure, … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
43
0

Year Published

2017
2017
2023
2023

Publication Types

Select...
5
2
1

Relationship

0
8

Authors

Journals

citations
Cited by 67 publications
(43 citation statements)
references
References 36 publications
0
43
0
Order By: Relevance
“…exploited, one cannot find any impossible differential or zero-correlation linear hull of the AES that covers 5 or more rounds. Moreover, due to the link among impossible differential, integral and zero correlation linear cryptanalysis [24], an analogous result holds also for the integral case. On the other hand, our new property presented in this paper holds up to 5-round of AES independently of the key and of the details of the S-Box (and of the MixColumns operation), and allows to answer an almost 20-year old problem: given a set of chosen plaintexts similar to the one used by the integral and impossible differential distinguishers just recalled, is there any property which is independent of the secret key after 5-round AES?…”
Section: Propertymentioning
confidence: 66%
“…exploited, one cannot find any impossible differential or zero-correlation linear hull of the AES that covers 5 or more rounds. Moreover, due to the link among impossible differential, integral and zero correlation linear cryptanalysis [24], an analogous result holds also for the integral case. On the other hand, our new property presented in this paper holds up to 5-round of AES independently of the key and of the details of the S-Box (and of the MixColumns operation), and allows to answer an almost 20-year old problem: given a set of chosen plaintexts similar to the one used by the integral and impossible differential distinguishers just recalled, is there any property which is independent of the secret key after 5-round AES?…”
Section: Propertymentioning
confidence: 66%
“…We apply this method to many block cipher structures. The experiment results show that this improvement can largely reduce the search time for the impossible differentials of a block cipher, since there are known relationships between impossible differential and integral and zero correlation linear cryptanalysis [22,36,37]. This method can be used as a cryptanalytic tool to evaluate the security of a block cipher against these kinds of cryptanalysis.…”
Section: Resultsmentioning
confidence: 99%
“…MIBS is a 16-subblock Feistel structure with substitution and permutation input: A differential pair (Δin, Δout) and the system S output: A boolean flag indicates if (Δin, Δout) is an impossible differential (1) is the × augmented matrix of S; (2) is the − 1 dimension variable vector; (3) N is the map of constraints of S; (4) flag←false; (5) index←true; (6) Initialize every variable in according to (Δin, Δout) and the constraints in N; (7) while index do (8) UpdateMatrix ( , ) // Update according to ; / * Transform into the reduced-row-echelon form by Gauss-Jordan Elimination * / (9) ReducedRowEchelon ( ); (10) if has no solution then (11) flag←true; (12) break; (13) else (14) index ← false; (15) count← 0; (16) for ← to 1 do (17) → V ← Row of ; (18) if the sum of the first − 1 elements of → V is 1 then (19) ← the index of the element 1 in → V ; (20) ← the last element of → V ; // the solution of the th variable in (21) / * update the variable vector with ( , ) and return true if there is no contradiction and return false otherwise. * / (22) ←UpdateVector ( , N, , ); (23) if is false then (24) flag ← true; (25) return flag; (26) else (27) index ← true; (28) end (29) end (30) end ( …”
Section: Applications and Experiments Resultsmentioning
confidence: 99%
See 1 more Smart Citation
“…Impossible differential attack, introduced by Knudsen [1] and Biham et al [2] independently, is one of the most well-known cryptanalytic techniques for symmetric-key cryptanalysts [3][4][5][6][7][8][9]. Generally, in impossible differential cryptanalysis, we guess some key bits involved in the outer rounds of the target cipher.…”
Section: Introductionmentioning
confidence: 99%