Linear cryptanalysis, along with differential cryptanalysis, is an important tool to evaluate the security of block ciphers. This work introduces a novel extension of linear cryptanalysis – zero-correlation linear cryptanalysis – a technique applicable to many block cipher constructions. It is based on linear approximations with a correlation value of exactly zero. For a permutation on n bits, ...

Linear cryptanalysis, along with differential cryptanalysis, is an important tool to evaluate the security of block ciphers. This work introduces a novel extension of linear cryptanalysis: zero-correlation linear cryptanalysis, a technique applicable to many block cipher constructions. It is based on linear approximations with a correlation value of exactly zero. For a permutation on n bits, an...

The Madryga encryption algorithm is susceptible to differential cryptanalysis. The key can be determined with about 5000 chosen plaintexts.

In this paper, we present an improved differential-linear cryptanalysis of the ChaCha stream cipher. Our main contributions are new distinguishers that were able to build thanks following improvements: a) considered a larger search space, including 2-bit differences (besides 1-bit differences) for difference at beginning differential part trail; b) better choice mask between and linear parts; c...

This paper introduces significant improvements over the existing cryptanalysis approaches on Salsa20 and ChaCha stream ciphers. For first time, we reduced attack complexity Salsa20/8 to lowest possible margin. We introduced an ChaCha7.25. It is of its type ChaCha7.25/20. In our approach, studied differential ciphers based a comprehensive analysis probabilistic neutral bits (PNBs). The study bia...

Impossible differential cryptanalysis has been proved to be one of the most powerful techniques to attack block ciphers. Based on the impossible differential paths, we can usually add several rounds before or after to launch the key recovery attack. Impossible differential cryptanalysis is powerful not only because the number of rounds it can break is very competitive compared to other attacks,...

We present a detailed security analysis of the CAESAR candidate Ascon. Amongst others, cube-like, differential and linear cryptanalysis are used to evaluate the security of Ascon. Our results are practical key-recovery attacks on round-reduced versions of Ascon-128, where the initialization is reduced to 5 out of 12 rounds. Theoretical keyrecovery attacks are possible for up to 6 rounds of init...

We introduce a new methodology for designing block ciphers with provable security against differential and linear cryptanalysis. It is based on three new principles: change of the location of round functions, round functions with recursive structure, and substitution boxes of different sizes. The first realizes parallel computation of the round functions without losing provable security, and th...

Impossible differential attacks are among the most powerful forms of cryptanalysis against block ciphers. We present in this paper an in-depth complexity analysis of these attacks. We show an unified way to mount such attacks and provide generic formulas for estimating their time and data complexities. LBlock is a well studied lightweight block cipher with respect to impossible differential att...