Automatic Search of Meet-in-the-Middle and Impossible Differential Attacks

Tracking bits through block ciphers and optimizing attacks at hand is one of the tedious task symmetric cryptanalysts have to deal with. It would be nice if a program will automatically handle them at least for well-known attack techniques, so that cryptanalysts will only focus on nding new attacks. However, current automatic tools cannot be used as is, either because they are tailored for speci c ciphers or because they only recover a speci c part of the attacks and cryptographers are still needed to nalize the analysis. In this paper we describe a generic algorithm exhausting the best meetin-the-middle and impossible di erential attacks on a very large class of block ciphers from byte to bit-oriented, SPN, Feistel and Lai-Massey block ciphers. Contrary to previous tools that target to nd the best di erential / linear paths in the cipher and leave the cryptanalysts to nd the attack using these paths, we automatically nd the best attacks by considering the cipher and the key schedule algorithms. The building blocks of our algorithm led to two algorithms designed to nd the best simple meet-in-the-middle attacks and the best impossible truncated differential attacks respectively. We recover and improve many attacks on AES, mCRYPTON, SIMON, IDEA, KTANTAN, PRINCE and ZORRO. We show that this tool can be used by designers to improve their analysis.