Impossible differential and square attacks: Cryptanalytic link and application to Skipjack

This paper shows a surprising similarity between the construction of, respectively, impossible differentials and square distinguishers. This observation is illustrated by comparing two attacks on IDEA (Biham & al., FSE’99 [2], Nakahara & al., 2001 [7]). Using this similarity, we also derive a 16-round square distinguisher on Skipjack, directly based on the impossible differential attack presented in (Biham & al., Eurocrypt’99 [1]). However it is not the best square distinguisher we can find for Skipjack; this one is 19 rounds long. We use it to attack up to 24 rounds of Skipjack. Although this result is clearly not as good as those obtained by impossible differential on Skipjack, it must be pointed out that it is the first time that so big a part (24 rounds out of 32) of a non-square-like cipher is attacked using the square attack. Finally, we discuss the strong and weak points of respectively impossible differential and square attacks.