Search results for: differential attack

Number of results: 363211

2001
Deukjo Hong Jaechul Sung Shiho Moriai Sangjin Lee Jongin Lim

We discuss the impossible differential cryptanalysis of the block cipher Zodiac [7]. The main design principles of Zodiac are simplicity and efficiency. However, the diffusion layer in its round function is too simple to offer enough security. Impossible differential cryptanalysis is a suitable method for attacking this weakness of Zodiac. Our attack using two 14-round impossible characteristics der...

Journal: :IACR Cryptology ePrint Archive 2014
Marko Caric

The modification of a message that meets the sufficient conditions for a collision is found in the last step of the differential attack proposed by Wang et al. (2005) on the MD4 hash algorithm. Here we show how this attack phase, finding a collision starting from the list of sufficient conditions for the collision, can be implemented using a combination of two algorithms, an evolutionary algorithm and hill cl...

Journal: :IACR Trans. Symmetric Cryptol. 2017
Victor Cauchois Clément Gomez Reynald Lercier

We consider highly structured truncated differential paths to mount a new rebound attack on Grøstl-512, a hash function based on two AES-like permutations, P1024 and Q1024, with non-square input and output registers. We explain how such differential paths can be computed using a Mixed-Integer Linear Programming approach. Together with a SuperSBox description, this allows us to build a rebound ...

Journal: :IACR Cryptology ePrint Archive 2010
Bozhan Su Wenling Wu Wentao Zhang

SMS4 is a 128-bit block cipher used in the WAPI standard for wireless networks in China. In this paper, we analyze the security of the SMS4 block cipher against differential cryptanalysis. Firstly, we prove three theorems and one corollary that reflect relationships between 5- and 6-round SMS4. Next, using these relationships, we clarify the minimum number of differentially active S-boxes in 6-, 7- and 12-rou...

2015
Tao Huang Ivan Tjuawinata Hongjun Wu

ICEPOLE is a CAESAR candidate with an intermediate level of robustness under nonce-misuse circumstances according to the original submission document. In particular, it was claimed that a key recovery attack against ICEPOLE is impossible in the case of nonce misuse. ICEPOLE is strong against differential cryptanalysis and linear cryptanalysis. In this paper, we develop differential-linear attacks against I...

Journal: :IACR Cryptology ePrint Archive 2015
Gaëtan Leurent

In this work, we refine a partitioning technique recently proposed by Biham and Carmeli to improve the linear cryptanalysis of addition operations, and we propose an analogous improvement of the differential cryptanalysis of addition operations. These two techniques can reduce the data complexity of linear and differential attacks, at the cost of more processing time. Our technique can be seen of the...

2016
Shaomei Wang Tingting Cui Meiqin Wang

CAST-128 and CAST-256 are two symmetric algorithms designed by Adams in the 1990s. Both of them adopt the CAST design procedure, which gives them a number of desirable cryptographic properties. CAST-128 is notably used as the default cipher in some versions of GNU Privacy Guard (GPG) and Pretty Good Privacy (PGP). As an extension of CAST-128, CAST-256 was submitted as a candidate for the Advanc...

2008
Laurent SAUVAGE Sylvain GUILLEY Jean-Luc DANGER Yves MATHIEU Maxime NASSAR

In this paper, we report the first successful attack on a DES crypto co-processor protected by the "Positive" Wave Dynamic Differential Logic (WDDL+) and embedded in a Field Programmable Gate Array (FPGA). This attack is unambiguous, as the full key is retrieved. We experimentally show that this countermeasure resists Differential Power Analysis (DPA), but can be broken by a totally non-inva...

Impossible differential attack is a well-known means of examining the robustness of block ciphers. Using impossible differential cryptanalysis, we analyze the security of a family of lightweight block ciphers, named Midori, that are designed with low energy consumption in mind. The Midori state size can be either 64 bits for Midori64 or 128 bits for Midori128; however, both vers...
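The SMS4 abstract above reasons about the minimum number of differentially active S-boxes, and the Zodiac and Midori abstracts about impossible differentials. Both ideas rest on the same object, the difference distribution table (DDT) of an S-box: a zero entry is a one-round impossible differential, and the largest non-trivial entry, raised to the number of active S-boxes, bounds the probability of any characteristic. The following is an added illustration, not code from any of the listed papers. It assumes a 4-bit S-box; the PRESENT S-box is used as a stand-in because it is small and public, not because it belongs to any cipher on this page, and the 64-bit nibble layout in `active_sboxes` is likewise an assumed toy state.

```python
"""Difference distribution table of a 4-bit S-box and what it tells an attacker.

For a fixed input XOR difference dx, the DDT row counts how many inputs x
satisfy S(x) ^ S(x ^ dx) == dy for each output difference dy. The table is
the basic ingredient of differential, truncated-differential and impossible
differential cryptanalysis.
"""

# Assumption: the PRESENT S-box, a public 4-bit permutation used here only
# as a small worked example (not the S-box of SMS4, Midori or Zodiac).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def ddt(sbox):
    """Return the full DDT: table[dx][dy] = #{x : S(x) ^ S(x ^ dx) == dy}."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for dx in range(n):
        for x in range(n):
            dy = sbox[x] ^ sbox[x ^ dx]
            table[dx][dy] += 1
    return table


def max_differential_probability(table):
    """Largest entry over non-zero input differences, as a probability.

    This is the best an attacker can do through a single S-box; for PRESENT's
    S-box it is 4/16 = 2^-2.
    """
    n = len(table)
    best = max(table[dx][dy] for dx in range(1, n) for dy in range(n))
    return best / n


def impossible_differentials(table):
    """All (dx, dy) with dx != 0 that can never occur through the S-box.

    A zero DDT entry is a one-round impossible differential; multi-round
    impossible differentials (as used against Zodiac and Midori) are built by
    propagating such contradictions forwards and backwards through the cipher.
    """
    n = len(table)
    return [(dx, dy) for dx in range(1, n) for dy in range(n)
            if table[dx][dy] == 0]


def active_sboxes(state_difference, nibbles=16):
    """Count non-zero 4-bit S-box inputs in a (toy) 64-bit XOR difference.

    Each non-zero nibble is an 'active' S-box. Counting the minimum number of
    active S-boxes over several rounds is exactly the quantity the SMS4 result
    above establishes.
    """
    return sum(1 for i in range(nibbles)
               if (state_difference >> (4 * i)) & 0xF)


def characteristic_upper_bound(table, active):
    """Upper bound on any characteristic's probability with `active` S-boxes.

    Each active S-box contributes at most max_differential_probability, and
    inactive S-boxes pass a zero difference with probability 1.
    """
    return max_differential_probability(table) ** active


if __name__ == "__main__":
    T = ddt(SBOX)
    for dx in range(len(SBOX)):
        print(f"dx={dx:x}: " + " ".join(f"{c:2d}" for c in T[dx]))
    print("max DP:", max_differential_probability(T))
    print("impossible (dx,dy) pairs:", len(impossible_differentials(T)))
    # Constructed toy difference: two active nibbles out of sixteen.
    diff = 0x00F0_0000_0000_0A00
    print("active S-boxes:", active_sboxes(diff),
          "bound:", characteristic_upper_bound(T, active_sboxes(diff)))
```

Running the module prints the DDT and the derived quantities; the same functions apply unchanged to any bijective 4-bit S-box, and to an 8-bit one if the table size is taken from the S-box length as `ddt` does.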

2015
Ahmed Abdelkhalek Riham AlTawy Mohamed Tolba Amr M. Youssef

Hierocrypt-3 is an SPN-based block cipher designed by Toshiba Corporation. It operates on a 128-bit state using a 128-, 192- or 256-bit key. In this paper, we present two meet-in-the-middle attacks in the single-key setting on 4-round reduced Hierocrypt-3 with a 256-bit key. The first attack is based on the differential enumeration approach, where we propose a truncated differential characteri...
