At ASIACRYPT 2012, Sasaki et al. introduced the guess-and-determine approach to extend meet-in-the-middle (MITM) preimage attack. CRYPTO 2021, Dong proposed a technique derive solution spaces of nonlinear constrained neutral words in MITM In this paper, we try combine these two techniques further improve attacks. Based on previous MILP-based automatic tools for attacks, introduce new constraint...

In ARX structures, constants that are not rotational invariant are often injected into the state, in the form of round constants or as a result of using a fixed key. Rotational cryptanalysis cannot deal with such constants. Rotational cryptanalysis in the presence of constants, also known as rotational-XOR cryptanalysis, is a recently proposed statistical technique to attack ARX primitives. The...

One of the major issues of cryptography is the cryptanalysis of cipher algorithms. Cryptanalysis is the study of methods for obtaining the meaning of encrypted information, without access to the secret information that is normally required. Some mechanisms for breaking codes include differential cryptanalysis, advanced statistics and brute-force. Recent works also attempt to use algebraic tools...

This paper considers a cryptanalytic approach called integral cryptanalysis. It can be seen as a dual to differential cryptanalysis and applies to ciphers not vulnerable to differential attacks. The method is particularly applicable to block ciphers which use bijective components only.

In 1,2] we introduced the notion of diierential cryptanalysis based on chosen plaintext attacks. In 3,4] we described the application of diierential crypt-analysis to Feall12,11] and extended the method to known plaintext attacks. In this paper diierential cryptanalysis methods are applied to the hash function Snefruu9] and to the cryptosystems Khafree10], REDOC-III14,6], LOKII5] and Luciferr7].

Diierential cryptanalysis is a powerful attack developed by Eli Biham and Adi Shamir. It has been successfully applied to many DES-like cryptosystems. We provide a brief introduction to their paper BS91] and show how to apply diierential cryptanalysis to attack the Data Encryption Standard (DES) reduced to 5 rounds.