Zero-correlation linear attack is a new method for cryptanalysis of block ciphers developed by Bogdanov et al. in 2012. In this paper we adapt the matrix method to find zerocorrelation linear approximations. Then we present several zero-correlation linear approximations for 14 rounds of LBlock and describe a cryptanalysis for 22 rounds of the reduced LBlock. After biclique attacks on LBlock rev...

In [10], Buchmann, Pyshkin and Weinmann have described two families of Feistel and SPN block ciphers called Flurry and Curry respectively. These two families of ciphers are fully parametrizable and have a sound design strategy against basic statistical attacks; i.e. linear and differential attacks. The encryption process can be easily described by a set of algebraic equations. These ciphers are...

An increasing number of cryptographic primitives are built using the ARX operations: addition modulo 2n, bit rotation and XOR. Because of their very fast performance in software, ARX ciphers are becoming increasingly common. However, not a single ARX cipher has yet been proven to be secure against one of the most common attacks in symmetrickey cryptography: differential cryptanalysis. In this p...

This paper analyzes the security of the RC5 encryption algorithm against differential and linear cryptanalysis. RC5 is a new block cipher recently designed by Ron Rivest. It has a variable word size, a variable number of rounds, and a variable-length secret key. In RC5, the secret key is used to fill an expanded key table which is then used in encryption. Both our differential and linear attack...

The stream cipher Salsa20 was introduced by Bernstein in 2005 as a candidate in the eSTREAM project, accompanied by the reduced versions Salsa20/8 and Salsa20/12. ChaCha is a variant of Salsa20 aiming at bringing better diffusion for similar performance. Variants of Salsa20 with up to 7 rounds (instead of 20) have been broken by differential cryptanalysis, while ChaCha has not been analyzed yet...

The TWEAKEY/STK construction is an increasingly popular approach for designing tweakable block ciphers that notably uses a linear tweakey schedule. Several recent attacks have analyzed the implications of this approach for differential cryptanalysis and other attacks that can take advantage of related tweakeys. We generalize the clustering approach of a recent differential attack on the tweakab...

This paper studies the security offered by E2 against truncated differential attack. At FSE’99, Matsui and Tokita presented a paper on this. They showed a possible attack on an 8round variant of E2 without IT and FT -Functions. To check their results and confirm that the full E2 is secure against this type of cryptanalysis, we developed a search algorithm to find all byte characteristics that l...

We present an attack on Salsa20 reduced to five of its twenty rounds. This attack uses many clusters of truncated differentials and requires 2 work and 2 plaintexts. 1 Definition of Salsa20 Salsa20 [1] is a candidate in the eSTREAM project to identify new stream ciphers that might be suitable for widespread adoption. For convenience, we recap here the parameterized family of variants Salsa20-w/...